401 Unauthorized When trying to call a google cloud functions
Question
I have a simple node.js function inside Google Cloud Function (that is called from inside my website's code) and I used previously the id_token that I got when I'm connected inside Google Cloud SDK and use this: gcloud auth print-identity-token , but it only last 60 minutes, so after that my application can't use anymore the google cloud function.
So I tried to generate my own token with the help of the service account key: https://cloud.google.com/docs/authentication/production#create_service_account
But I always got a "401 Unauthorized" when I call my link with the "Authorization: Bearer token" header
Maybe it's because I don't know what to put inside the " aud " value (inside the payload array)
<?php
namespace MyProject\Parser;
use Firebase\JWT\JWT;
use GuzzleHttp\Client;
abstract class GoogleCloudParser extends AbstractParser
{
/**
* Returns the HTML for the given URL
* @param string $url
* @return string
* @throws \GuzzleHttp\Exception\GuzzleException
*/
protected function getHTML(string $url): string
{
$cloudFunctionURL = "https://region-project-name.cloudfunctions.net/function-name";
$token = $this->getToken();
$guzzle = new Client();
$response = $guzzle->get($cloudFunctionURL, [
'query' => ['url' => $url],
'headers' => [
'Authorization' => "Bearer " . $token
]
]);
return $response->getBody()->getContents();
}
/**
* Returns the authentification token for google cloud
* @return string
*/
protected function getToken()
{
$privateKey = "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n";
$publicKey = "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n";
$payload = [
'iss' => 'App-Engine-default-service-account@appspot.gserviceaccount.com',
'sub' => 'App-Engine-default-service-account@appspot.gserviceaccount.com',
'aud' => 'bucket-name',
'iat' => time(),
'exp' => (time() + 3600)
];
$header = [
"alg" => "RS256",
"typ" => "JWT",
"kid" => "private_key_id_of_app_engine_default_service-account"
];
$token = JWT::encode($payload, $privateKey, $header["alg"], $header["kid"]);
return $token;
}
}
I tried multiple thing to put on the " aud " but I don't know what to use... I tried to use the bucket name that I got with this: https://github.com/GoogleCloudPlatform/php-docs-samples/blob/78356e87cc54c1d46df52c0d2f47320329957ce5/auth/src/auth_api_explicit.php
With the cmd line: php src/auth_api_explicit.php myGoogleProjectID gcloud-service-account-file.json
I tried to use "https://cloudfunctions.googleapis.com/"...
I tried to put the full link of my function name inside the google cloud functions.
And I think I have set up everything inside the IAM & Google Cloud platform for my service account.
Any help on this please?
1 answers
solution1
0 2021-07-30 18:50:34
在 GCP 中使用您的唯一名称创建 S3 存储桶,并在此处使用该存储桶名称作为 AUD。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.