匿名呼叫者没有storage.objects.get [英] Anonymous caller does not have storage.objects.get
问题描述
在使用Python编写的Google App Engine(GAE)上.
On Google App Engine (GAE) written in Python.
我正在尝试向云语音文本api发出http帖子,并使用URI音频源(Google Cloud Storage Bucket对象).
I am trying to issue an http post to cloud-speech-to-text api and using URI audio source (Google Cloud Storage Bucket Objects).
我正在使用以下标题;
I am using the following headers;
Authorization: BASIC encoded_base64(username:password)
但是我仍然在下面收到错误响应:
But I still keep getting an error response below:
{ 错误": { 代码":403, "message":匿名呼叫者没有storage.objects.get访问bucket_of_secrets/four_score_seven_years.flac.", 状态":"PERMISSION_DENIED" } }
{ "error": { "code": 403, "message": "Anonymous caller does not have storage.objects.get access to bucket_of_secrets/four_score_seven_years.flac.", "status": "PERMISSION_DENIED" } }
所以我有几个问题;
- BASIC授权标头可以在Google HTTP API中使用吗?
- 我应该使用什么
username:password
?是我的GCP帐户电子邮件和密码吗?即handsome_dude@gmail.com:deluded_fool
- Does BASIC Authorization Header work in Google HTTP API?
- What
username:password
should I use? Is it my GCP account email and password? i.e.handsome_dude@gmail.com:deluded_fool
其中handsome_dude@gmail.com
是用户名,deluded_fool
是密码.
Where handsome_dude@gmail.com
is the username and deluded_fool
is the password.
我尝试将存储桶对象设置为公共可读,当然http调用可以工作...但是我宁愿避免将存储桶对象设置为公共可读.
I've tried setting the bucket objects to be public readable and of course the http call works... but I would rather avoid setting my bucket objects public readable.
这是一个示例Curl请求:
Here's a sample Curl request:
curl -X POST
https://speech.googleapis.com/v1/speech:longrunningrecognize?key=<secret_api_key> -d @sample.json -H "Content-Type: application/json, Authorization: Basic base64encodedusername:password"
这是使用urlfetch在我的python代码中的摘要:
Here's a snippet in my python code using urlfetch:
url_post = urlfetch.fetch(url=speech_to_text_url_post, payload=json.dumps(data_to_post), method=urlfetch.POST, headers={"Content-Type" : "application/json", "Authorization" : "Basic "+encoded_user_password})
推荐答案
1.BASIC授权标头可以在Google HTTP API中使用吗?
1.Does BASIC Authorization Header work in Google HTTP API?
否,它不适用于Google API.
您需要将OAuth2.0 accessToken作为承载令牌附加到Authorization Header,如Authorization: Bearer ${yourAccessToken}
.
No, It is not working on Google APIs.
You need to attach OAuth2.0 accessToken to Authorization Header as bearer token like Authorization: Bearer ${yourAccessToken}
.
我有2条建议来开发一些在gae上运行的应用程序.
I have 2 recommendations to develop some application running on gae.
- 使用 ClientLibrary 调用Google API. >
- 您可以使用
AppEngineDefaultCredential
调用Google API. 发出请求之前,请不要忘记为您的AppEngineDefaultServiceAccount (${projectId}@appspot.gserviceaccount.com)
设置权限.您可以在云控制台中的IAM页面上配置这些权限.
- Use ClientLibrary to call Google APIs.
- You can use
AppEngineDefaultCredential
to call Google APIs. Do not forget to set permissions to yourAppEngineDefaultServiceAccount (${projectId}@appspot.gserviceaccount.com)
before issue your request. You can configure those permissions on IAM page in cloud console.
我也建议您阅读有关如何验证api调用的页面.
Also I recommend you to read this page about How to authenticate your api call.
这篇关于匿名呼叫者没有storage.objects.get的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!