
Authenticating users (using both Firebase and Google authentication) on Cloud Endpoints and API Explorer

Using Cloud Endpoints Frameworks for App Engine I've added authenticating with Firebase Auth in addition to authenticating with Google Accounts.

All is good and well, I can authorize client requests using Firebase Auth, but now I can no longer use API Explorer since that uses Google's authentication and results in a 401 "Invalid credentials" response.

I added Firebase Auth by doing:

    @Api(
            name = "test",
            version = "v1",
//        authenticators = {EspAuthenticator.class},
            issuers = {
                    @ApiIssuer(
                            name = "firebase",
                            issuer = "https://securetoken.google.com/PROJECT-ID",
                            jwksUri = "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com")
            },
            issuerAudiences = {
                    @ApiIssuerAudience(name = "firebase", audiences = "PROJECT-ID")
            },
            scopes = {Constants.EMAIL_SCOPE},
            clientIds = {Constants.WEB_CLIENT_ID, Constants.ANDROID_CLIENT_ID, Constants.IOS_CLIENT_ID, Constants.API_EXPLORER},
            audiences = {Constants.ANDROID_AUDIENCE},
            namespace = @ApiNamespace(ownerDomain = "XXX", ownerName = "XXX", packagePath="")
    )

A method that works with Google authentication and API Explorer is:

    @ApiMethod(
    )
    public User getTestUserGoogle(User user) throws UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException("Invalid credentials");
        }

        return user;
    }

And a method that works with Firebase Auth but not OAuth 2.0 on API Explorer is:

    @ApiMethod(
            authenticators = {EspAuthenticator.class}
    )
    public User getTestUserFirebase(User user) throws UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException("Invalid credentials");
        }

        return user;
    }

This code snippet seems to suggest EspAuthenticator.class should work with Google authentication: https://github.com/GoogleCloudPlatform/java-docs-samples/blob/master/appengine/endpoints-frameworks-v2/backend/src/main/java/com/example/echo/Echo.java#L128

However the API Explorer request fails with a 401 "Invalid credentials" response whenever EspAuthenticator.class is set as the authenticator.

Is there any way I can get both Google and Firebase authentication to work on the same method? The only difference between those 2 methods is EspAuthenticator.class and based on the official code snippet in the link above it looks like Google authentication should still work with the EspAuthenticator.class authenticator.


Update: The error I get from Stackdriver is:

com.google.api.server.spi.auth.EspAuthenticator authenticate: Authentication failed: com.google.common.util.concurrent.UncheckedExecutionException: com.google.api.auth.UnauthenticatedException: org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object (cause: org.jose4j.lang.JoseException: Invalid JOSE Compact Serialization. Expecting either 3 or 5 parts for JWS or JWE respectively but was 2.): ya29.GmAkBDwfsFuyOCL7kqSSLelSHpOb9LJLyewtPfpeH1a4t12i8MWmzHBNliMeR9dAtOSARG2o-QlZEHisfEPYbA-Wb-Eh36zugIufmVbDe4E2TP9StAOjub8nsrhAzuGbolE (EspAuthenticator.java:86)

Also filed an issue here: https://github.com/GoogleCloudPlatform/java-docs-samples/issues/590

You should either add GoogleOAuth2Authenticator or EndpointsAuthenticator.

EndpointsAuthenticator is a wrapper for GoogleJwtAuthenticator, GoogleAppEngineAuthenticator, GoogleOAuth2Authenticator.

Well, your authenticators parameter is supposed to look like:

    authenticators = {EspAuthenticator.class, GoogleOAuth2Authenticator.class},
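The Stackdriver error in the question ("Expecting either 3 or 5 parts ... but was 2") and the two-authenticator list above both come down to the shape of the bearer token. The following is an added example, not part of the original posts and not the Endpoints Frameworks implementation; `BearerTokenShape`, `classify` and `b64` are hypothetical names, and both tokens are constructed samples.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerTokenShape {
    private static final Pattern ISS = Pattern.compile("\"iss\"\\s*:\\s*\"([^\"]*)\"");

    /** Names the kind of authenticator that could handle this bearer token (hypothetical helper). */
    static String classify(String token) {
        // limit -1 keeps trailing empty parts, so "a.b." counts as 3 segments
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            // JWS compact serialization has exactly 3 parts; anything else is
            // not a signed JWT and has to go to an OAuth2 access-token check.
            return "opaque token (" + parts.length + " parts): needs an OAuth2 authenticator";
        }
        try {
            String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
            Matcher m = ISS.matcher(payload);
            if (!m.find()) {
                return "JWT without iss claim: reject";
            }
            // Unverified claim, used only for routing; signature, audience and
            // expiry checks still belong to the JWT authenticator.
            return "JWT from issuer " + m.group(1) + ": needs a JWT authenticator";
        } catch (IllegalArgumentException e) {
            return "3 parts but payload is not base64url: reject";
        }
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed samples: an unsigned JWT-shaped token and an opaque access-token-shaped string.
        String jwt = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"iss\":\"https://securetoken.google.com/PROJECT-ID\",\"aud\":\"PROJECT-ID\"}")
                + ".constructed-signature";
        String opaque = "ya29.constructed-opaque-access-token";
        System.out.println(classify(jwt));
        System.out.println(classify(opaque));
    }
}
```

The `iss` value is read before any signature check and is only good for deciding which validator to call; it must never be treated as an authenticated identity.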

It's simpler: you need to pass the token to App Engine.

Once you have the Firebase token, you have to auth with a JSON Web Token; I believe this is the EspAuthenticator.class method.

Here is the authentication using a Firebase token:

Auth JSON WEB TOKEN Firebase Users

    curl \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer ${firebase_token}" \
     -X GET \
     "https://$PROJECT_ID.appspot.com/_ah/api/echo/v1/firebase_user"
