如何正确获取在AppEngine上运行的NodeJS中的云函数令牌? [英] How to CORRECTLY get token for Cloud Functions in NodeJS running on AppEngine?
问题描述
我在获取用于触发云功能的正确令牌时遇到问题.
I am having problems getting the correct token for triggering my cloud function.
通过POSTMAN测试时,我通过运行以下命令获取令牌:
When testing through POSTMAN I get the token by running the following command:
gcloud auth print-identity-token
我的功能正常工作.
但是在我的服务器上,我正在使用以下代码.我也确实看到了令牌,但使用此令牌获得了401.
But on my server I am using the following code. I also do see the token but I get 401 with this token.
// Constants------------
const metadataServerTokenURL = 'http://metadata/computeMetadata/v1/instance/service-accounts/default/identity?audience=';
async function gToken(){
let token='';
try{
// Fetch the token
const tokenResponse = await fetch(metadataServerTokenURL + 'https://'+process.env.CLOUD_URL, { //URL WITHOUT THE PATH
headers: {
'Metadata-Flavor': 'Google',
},
});
token = await tokenResponse.text();
} catch (err){
console.log(err);
}
return token;
}
---------编辑-------
调用函数:
app.get("/", async function(req , res){
try {
const token = await getToken();
console.log(`Token: ${token}`);
const functionResponse = await fetch('https://'+process.env.CLOUD_URL+process.env.PATH_TO_FUNC, {
method: 'post',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${token}`},
});
console.log(`Status: ${await functionResponse.status}`);
res.sendStatus(200);
} catch (err){
console.log(err);
res.status(400).send('Something went wrong')
}
})
我的服务器是我在AppEngine上运行的NodeJS代码.请问我在做什么错?
My server is my NodeJS code running on AppEngine. What am I doing wrong please?
----------编辑2 -------------- 我使用两种不同的方式输入了收到的两个令牌,由于某种原因它们显示了不同的信息.请看下面:来自服务器的令牌
----------EDIT 2-------------- I entered the two tokens received using two different ways, they show different information for some reason. Please see below:: Token from the server
在本地使用gcloud命令的令牌(有效)::
Token using gcloud command locally (which works)::
服务器代码和云功能都托管在同一区域中,并且属于同一项目.
Server code and cloud functions are both hosted in the same region, and are a part of the same project.
process.env.CLOUD_URL>"e ****-*** 2-c ******-e ****** 2.cloudfunctions.net"
推荐答案
评论中提到的@Charles和@John是正确的.您应该在受众群体中包括接收函数的名称:
What @Charles and @John mentioned in the comment is correct. You should include the name of the receiving function in the audience:
如 docs 中所述:
在调用功能中,您需要创建一个Google签名的OAuth ID令牌,并将听众(aud)设置为接收功能的网址.
const metadataServerTokenURL = 'http://metadata/computeMetadata/v1/instance/service-accounts/default/identity?audience=';
...
// Fetch the token
const tokenResponse = await fetch(metadataServerTokenURL + `https://${process.env.CLOUD_URL}/${FUNCTION_NAME}`, {
headers: {
'Metadata-Flavor': 'Google',
}
受众应该看起来像您的HTTP触发URL.如果您解码JWT ID令牌,则 aud
如下所示:
The audience should look like your HTTP trigger URL. If you decode your JWT ID token, aud
looks like this:
{
"aud": "https://[REGION]-[PROJECT_ID].cloudfunctions.net/func-post",
"azp": "117513711437850867551",
"exp": 1614653346,
"iat": 1614649746,
"iss": "https://accounts.google.com",
"sub": "117513711437850867551"
}
这篇关于如何正确获取在AppEngine上运行的NodeJS中的云函数令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!