我正在尝试使用Google服务帐户对Google Cloud Endpoints API实施服务到服务身份验证,但会收到以下错误 .
Cannot decode and verify the auth token. The backend will not be able to retrieve user info (.../lib/endpoints_management/control/wsgi.py:596)
Traceback (most recent call last):
File ".../lib/endpoints_management/control/wsgi.py", line 593, in __call__
service_name)
File ".../lib/endpoints_management/auth/tokens.py", line 81, in authenticate
error)
UnauthenticatedException: (u'Cannot decode the auth token', UnicodeDecodeError('ascii', '\xc9\xad\xbd', 0, 1, 'ordinal not in range(128)'))
传递给self.get_jwt_claims(auth_token)的auth_token变量的值是:
ya29.ElmlBB1mwIfrsnURUIQg0Nv6v5UPzFR02miD4w_VywMSlWGDstpmmc5vPsmUqt5rCcho797B1HeEOgT0UBQiVfv9dlsfxSMLRf67SGwX0ceK5uTujj4_tSUXog
看起来 endpoints 库试图将auth_token解码为jwt,但auth_token不是jwt . 但也许我错了 . 当我尝试使用API Explorer测试API时会出现同样的问题 . 最新的 endpoints 和旧版本都会发生这种情况 .
这是我的API类:
@endpoints.api(
name='myapi',
version='v1',
api_key_required=True,
auth_level=endpoints.AUTH_LEVEL.REQUIRED,
scopes=(
endpoints.EMAIL_SCOPE,
),
)
class MyApi(remote.Service):
...
这就是我访问API的方式:
credentials = ServiceAccountCredentials.from_json_keyfile_dict(
json.loads(json_keyfile_data),
scopes='https://www.googleapis.com/auth/userinfo.email',
)
service = build(
name, version,
http=credentials.authorize(Http()),
discoveryServiceUrl=discovery_url)
...
我在做什么,或者Python endpoints 库中有错误吗?
1 回答
Google Cloud Endpoints需要JWT id_token,这就是self.get_jwt_claims(auth_token)失败的原因 . 以下是服务到服务身份验证的深入说明:https://cloud.google.com/endpoints/docs/service-to-service-auth .