为什么我没有收到有关G Suite帐户的Google安全事件? [英] Why am I not receiving Google security events for G Suite accounts?
问题描述
我已按照 ,并使用我们的后端服务器进行了另一层验证,如跨帐户保护注册应用程序时,我只能接收来自个人帐户(以@gmail.com结尾)的事件.
I have successfully implemented Google Sign-In for my application as described here, with an additional layer of validation using our back-end server as described here. However, when I try to register my application for Cross-Account Protection, I'm only able to receive events that come from personal (ending in @gmail.com) accounts.
我的流配置对象如下:
{
"delivery": {
"delivery_method": "https://schemas.openid.net/secevent/risc/delivery-method/push",
"url": MY_RECEIVER_ENDPOINT
},
"events_requested": [
"https://schemas.openid.net/secevent/risc/event-type/account-credential-change-required",
"https://schemas.openid.net/secevent/risc/event-type/account-disabled",
"https://schemas.openid.net/secevent/risc/event-type/sessions-revoked",
"https://schemas.openid.net/secevent/risc/event-type/account-enabled",
"https://schemas.openid.net/secevent/risc/event-type/account-purged",
"https://schemas.openid.net/secevent/risc/event-type/verification",
"https://schemas.openid.net/secevent/oauth/event-type/tokens-revoked"
]
}
当我在Google上注册端点时,我得到200响应代码,并且可以使用以下命令成功测试verify事件:
and when I register the endpoint with Google I get a 200 response code, and can successfully test with verify events using the following:
def test_event_stream(auth_token, nonce):
headers = {'Authorization': 'Bearer {}'.format(auth_token)}
state = {'state': nonce}
response = requests.post('https://risc.googleapis.com/v1beta/stream:verify', json=state, headers=headers)
return response
它也会响应200,并且在我的应用程序日志中看到以下有效负载(在解码jwt令牌之后):
which will also respond with a 200, and I see following payload (after decoding the jwt token) in my application logs:
{
"aud": [
"MY_CLIENT_ID.apps.googleusercontent.com"
],
"events": {
"https://schemas.openid.net/secevent/risc/event-type/verification": {
"state": "MESSAGE at Fri Nov 8 01:31:13 2019"
}
},
"iat": 1573176640,
"iss": "https://accounts.google.com",
"jti": "JTI_VALUE"
}
当我撤消我的安全面板中的应用程序访问权限时,我还可以从我自己的个人Google帐户接收'https://accounts.google.com/risc/event/all-token-revoked'事件,但是当我执行相同的操作时,我的工作帐户(GSuite)却没有收到相同的事件.
I can also receive 'https://accounts.google.com/risc/event/all-token-revoked' events from my own personal Google account when I revoke access from my application in my security panel, but do not receive the same events from my work account (GSuite) when I perform the same actions.
是否需要由我们的GSuite管理员或我在开发人员控制台中为此应用程序启用的设置?在这里的任何帮助将不胜感激,这是一个重要的障碍.
Is there a setting that needs to be enabled either by our GSuite admin or by me in the developer console for this application? Any help here would be greatly appreciated, this is a significant blocker.
推荐答案
此处的简短答案是Google当前不为G Suite帐户发送安全事件.他们在今天的 (11/12/2019)文档中添加了以下内容:
The short answer here is that Google does not currently send security events for G Suite accounts. They added a piece to their documentation today (11/12/2019) with the following:
这篇关于为什么我没有收到有关G Suite帐户的Google安全事件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
