如何通过Lambda AWS认证Google API？ [英] How to oAuth Google API from Lambda AWS?

问题描述

我正在为Google日历构建Alexa Skill。客户端代码可以在本地计算机上按预期工作，因为我可以使用链接对本地计算机进行身份验证。但是，当我在AWS Lambda上部署代码时，由于无法通过AWS控制台输入代码，因此无法进行身份验证。

I am building Alexa Skill for Google calendar. The client side code works as expected on local machine because I can authenticate the local machine using the link. But, when I deploy the code on AWS Lambda there is no way that I can authenticate as I cannot input code via AWS console.

我在设置身份验证时遇到了麻烦部署在AWS lambda上的Google Calendar API
的数量。

I am getting trouble in setting up authentication of Google Calendar API when deployed on AWS lambda.

此文档对我没有多大帮助
Google实施服务器端身份验证

This documentation doesn't help much to me Google Implementing Server Side Authentication

推荐答案

您应该创建一个服务帐户。这些是专门为服务器到服务器的通信而设计的。可以在以下位置找到文档： https://developers.google.com/identity/protocols/OAuth2ServiceAccount

You should create a service account. Those are designed especially for server-to-server communication. Documentation can be found here: https://developers.google.com/identity/protocols/OAuth2ServiceAccount

其他答案的解决方案存在的问题是：

The problems with the solutions from other answers are:

• API密钥不安全


• 访问令牌（例如通过CLI命令 gcloud auth print-access-token 获取）已过期。由于Lambda是无状态的，因此无法临时存储令牌并在令牌过期时刷新令牌。

• API keys are insecure
• Access tokens (e.g. obtained by the CLI command gcloud auth print-access-token) expire. Since Lambdas are stateless, there's no way to store a token temporarily and refresh it when it's expired.

这篇关于如何通过Lambda AWS认证Google API？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！