如何从Google Cloud Endpoint上的GAE标准对Python库进行身份验证检查
问题描述:
我试图使用Google Service帐户对Google Cloud Endpoints API实施服务到服务身份验证,但出现以下错误。如何从Google Cloud Endpoint上的GAE标准对Python库进行身份验证检查
Cannot decode and verify the auth token. The backend will not be able to retrieve user info (.../lib/endpoints_management/control/wsgi.py:596)
Traceback (most recent call last):
File ".../lib/endpoints_management/control/wsgi.py", line 593, in __call__
service_name)
File ".../lib/endpoints_management/auth/tokens.py", line 81, in authenticate
error)
UnauthenticatedException: (u'Cannot decode the auth token', UnicodeDecodeError('ascii', '\xc9\xad\xbd', 0, 1, 'ordinal not in range(128)'))
价值传递给self.get_jwt_claims(AUTH_TOKEN)的auth_token变量是:
ya29.ElmlBB1mwIfrsnURUIQg0Nv6v5UPzFR02miD4w_VywMSlWGDstpmmc5vPsmUqt5rCcho797B1HeEOgT0UBQiVfv9dlsfxSMLRf67SGwX0ceK5uTujj4_tSUXog
貌似端点库正试图解码的auth_token为智威汤逊,但AUTH_TOKEN不智威汤逊。但也许我错了。当我尝试使用API Explorer测试API时发生同样的问题。这发生在最新的端点和旧版本。
这里是我的API类:
@endpoints.api(
name='myapi',
version='v1',
api_key_required=True,
auth_level=endpoints.AUTH_LEVEL.REQUIRED,
scopes=(
endpoints.EMAIL_SCOPE,
),
)
class MyApi(remote.Service):
...
这也是我如何我访问API:
credentials = ServiceAccountCredentials.from_json_keyfile_dict(
json.loads(json_keyfile_data),
scopes='https://www.googleapis.com/auth/userinfo.email',
)
service = build(
name, version,
http=credentials.authorize(Http()),
discoveryServiceUrl=discovery_url)
...
我做的东西,从或有在Python终端库中的缺陷?
答
Google Cloud Endpoints预计JWT id_token,这就是self.get_jwt_claims(auth_token)失败的原因。以下是服务到服务认证的深入解释:https://cloud.google.com/endpoints/docs/service-to-service-auth。