我正在尝试在AppEngine标准环境服务中创建一个GoogleCloudEndpoints,它有两种身份验证方法:apiKey和默认GAE服务帐户。你知道吗
apiKey身份验证工作正常,但是“service_to_service_gae”身份验证提供:
401 Method does not allow callers without established identity. Please use an API key or other form of API consumer identity to call this API.
我正在用以下内容装饰端点:
@endpoints.api(
name='widgets',
version='v1',
base_path='/api/',
api_key_required=True,
allowed_client_ids=['XXXX@appspot.gserviceaccount.com'])
class WidgetsApi(remote.Service):
...
并基于sample client from github使用此代码调用API
SERVICE_ACCOUNT_EMAIL = 'XXXX@appspot.gserviceaccount.com'
def generate_jwt():
"""Generates a signed JSON Web Token using the Google App Engine default
service account."""
now = int(time.time())
header_json = json.dumps({
"typ": "JWT",
"alg": "RS256"})
payload_json = json.dumps({
"iat": now,
# expires after one hour.
"exp": now + 3600,
# iss is the service account email.
"iss": SERVICE_ACCOUNT_EMAIL,
"sub": SERVICE_ACCOUNT_EMAIL,
"email": SERVICE_ACCOUNT_EMAIL,
"aud": 'https://api-dot-XXXX.appspot.com',
})
header_and_payload = '{}.{}'.format(
base64.urlsafe_b64encode(header_json),
base64.urlsafe_b64encode(payload_json))
(key_name, signature) = app_identity.sign_blob(header_and_payload)
signed_jwt = '{}.{}'.format(
header_and_payload,
base64.urlsafe_b64encode(signature))
return signed_jwt
def make_request(signed_jwt):
"""Makes a request to the auth info endpoint for Google JWTs."""
headers = {'Authorization': 'Bearer {}'.format(signed_jwt)}
conn = httplib.HTTPSConnection('api-dot-XXXX.appspot.com')
url = '/api/widgets/v1/list'
conn.request("POST", url, urllib.urlencode({'search': ''}), headers)
res = conn.getresponse()
conn.close()
return res.read()
我是否忘记了端点装饰器或任何其他配置中的某些内容?或者端点装饰器只接受一种身份验证方法? 我认为在同一个GAE std实例中从一个服务到另一个服务的调用是很简单的。sample client有点混乱(至少对我来说是这样),例如make_request请求('/auth/info/googlejwt')获取jwt令牌,但是什么时候调用实际的端点?你知道吗
提前谢谢,新年快乐!!!你知道吗
当
api_key_required
为true时,除了任何jwt之外,还必须在请求中提供API键。你知道吗相关问题 更多 >
编程相关推荐