问题描述
我试图使用Google服务帐户对Google Cloud Endpoints API实施服务到服务的身份验证,但会收到以下错误消息。 $ b
无法解码和验证身份验证令牌。后端将无法检索用户信息(... / lib / endpoints_management / control / wsgi.py:596)
Traceback(最近一次调用最后一次):
文件... / lib /endpoints_management/control/wsgi.py,第593行,在__call__
service_name)
文件... / lib / endpoints_management / auth / tokens.py,第81行,进行身份验证
错误)
UnauthenticatedException:(u'Cannot解码auth标记',UnicodeDecodeError('ascii','\xc9\xad\xbd',0,1,'ordinal not in range(128)' ))
传递给self.get_jwt_claims(auth_token)的auth_token变量值为:
'pre>
ya29.ElmlBB1mwIfrsnURUIQg0Nv6v5UPzFR02miD4w_VywMSlWGDstpmmc5vPsmUqt5rCcho797B1HeEOgT0UBQiVfv9dlsfxSMLRf67SGwX0ceK5uTujj4_tSUXog
看起来端点库试图将auth_token解码为jwt,但auth_token不是jwt。但也许我错了。当我尝试使用API Explorer测试API时发生同样的问题。这发生在最新的端点和旧版本中。
这是我的API类:
@ endpoints.api(
name ='myapi',
version ='v1',
api_key_required = True,
auth_level = endpoints.AUTH_LEVEL。所需的
范围=(
endpoints.EMAIL_SCOPE,
),
)
类MyApi(remote.Service):
...
这就是我如何访问API:
凭证= ServiceAccountCredentials.from_json_keyfile_dict(
json.loads(json_keyfile_data),
scopes ='https://www.googleapis.com/auth/userinfo。电子邮件',
)
服务=构建(
名称,版本,
http = credentials.authorize(Http()),
discoveryServiceUrl = discovery_url)
...
我是从Python端点库中进行一些操作还是存在一个错误?
Goog le Cloud Endpoints预计JWT id_token,这就是self.get_jwt_claims(auth_token)失败的原因。以下是服务到服务认证的深入解释:。
I'm trying to implement service-to-service authentication to Google Cloud Endpoints API using Google Service account, but get the following error.
Cannot decode and verify the auth token. The backend will not be able to retrieve user info (.../lib/endpoints_management/control/wsgi.py:596)
Traceback (most recent call last):
File ".../lib/endpoints_management/control/wsgi.py", line 593, in __call__
service_name)
File ".../lib/endpoints_management/auth/tokens.py", line 81, in authenticate
error)
UnauthenticatedException: (u'Cannot decode the auth token', UnicodeDecodeError('ascii', '\xc9\xad\xbd', 0, 1, 'ordinal not in range(128)'))
Value of auth_token variable passed to self.get_jwt_claims(auth_token) is :
ya29.ElmlBB1mwIfrsnURUIQg0Nv6v5UPzFR02miD4w_VywMSlWGDstpmmc5vPsmUqt5rCcho797B1HeEOgT0UBQiVfv9dlsfxSMLRf67SGwX0ceK5uTujj4_tSUXog
Looks like endpoints library is trying to decode auth_token as jwt, but auth_token is not jwt. But maybe I'm wrong. Same problem occurs when I'm trying to test API using API Explorer. This happens with the latest endpoints and also with older version.
Here is my API class:
@endpoints.api(
name='myapi',
version='v1',
api_key_required=True,
auth_level=endpoints.AUTH_LEVEL.REQUIRED,
scopes=(
endpoints.EMAIL_SCOPE,
),
)
class MyApi(remote.Service):
...
And this is how i I'm accessing the API:
credentials = ServiceAccountCredentials.from_json_keyfile_dict(
json.loads(json_keyfile_data),
scopes='https://www.googleapis.com/auth/userinfo.email',
)
service = build(
name, version,
http=credentials.authorize(Http()),
discoveryServiceUrl=discovery_url)
...
Am I doing something from or is there a bug in Python endpoints library?
Google Cloud Endpoints expects JWT id_token, that's the reason why self.get_jwt_claims(auth_token) fails. Here is in-depth explanation of service-to-service authentication: https://cloud.google.com/endpoints/docs/service-to-service-auth.
这篇关于如何根据GAE标准从Google Cloud Endpoints在Python库中进行身份验证检查的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!