Google AI Predict API:网站匿名身份验证 [英] Google AI Predict API: anonymous authentication for website
问题描述
阅读这些问答后,
我仍然不知道如何为不需要任何登录或 OAuth 屏幕的 AI Platform Predict API 启用简单身份验证.
我的场景是这样的:我们有一个静态网站,允许用户输入一些数据,网站(客户端)通过API将数据发送给模型进行预测,当结果返回时,网站显示他们给用户.我们不希望用户必须以任何方式登录或表明身份.只需输入一些数据,按一下按钮,即可获得结果.
然而,就我所能搜索的而言,没有办法做到这一点(我认为关于身份验证的文档令人困惑,有多个重叠的文章,很难确定哪些适用于特定的案件);您必须使用某种 OAuth,让用户使用 Google 帐户登录.
真的没有办法让网站本身而不是个人用户进行身份验证吗?例如.使用 API 密钥或服务帐号密钥?
如果 OAuth 是唯一的方式,这是否意味着想要使用该网站的用户必须拥有 Google 帐户?以及如何启用它:我应该创建 OAuth 客户端 ID,还是 OAuth 同意屏幕?
这里推荐的做法是所有 OAuth 都应该发生在服务器端,其中 GCP 服务帐户 JSON 密钥存储在某些后端服务器.
我将假设您的网站托管在 App Engine 上来回答您的问题,但是您的网站可以托管在其他 GCP 产品上的任何位置,如 Cloud Run 或任何其他托管服务提供商.>
- 在后端网络服务器中,您可以使用 服务帐户 JSON 发出 AI Platform 预测请求,然后您需要配置您的网站以与此后端通信.
网站----对App Engine URL的HTTP请求------>App Engine(代码---)-------->人工智能平台
因此 App Engine 后端代表网站客户端执行身份验证,正如 Lak 在此处所阐明的那样;由于这些请求将传递您的 GCP 服务帐号 JSON 密钥,因此它们可以获得将特定 HTTP 请求发送到其后端服务器的权限,从而进行 AI Platform 调用.
在您的情况下,您不希望用户访问您的 Google 数据,您只是想让他们访问您自己的 AI Platform 模型.
<块引用>基本上,您可以在服务器端使用客户端库,它会自动为您执行 OAuth,只要将环境变量设置为服务帐户密钥即可.
注意:如果您想访问某人的 Google 资源(例如 Google 文档、日历、GCP 项目等),您仅需要执行 Google OAuth
After reading each of these Q&As,
- google api machine learning can I use an API KEY?
- how to use google AI platform online predictions?
- How to authenticate GCP AI Platform Predictions using HTTP requests
I am still at a loss to know how to enable simple authentication for the AI Platform Predict API that doesn't need any sign-ins or OAuth screens.
My scenario is the following: we have a static website which allows the user to enter some data, the website (client) sends the data to the model for prediction via the API, and when the results come back, the website shows them to the user. We don't want the user to have to sign in or identify themselves in any way. Just input some data, push a button, and get the results.
However, as far as I've been able to search, there is no way of doing this (the documentation on authentication is in my view confusing, there are multiple overlapping articles and it is difficult to determine what applies in a specific case); you have to use some sort of OAuth which makes the user sign in with a Google account.
Is there really no way to have the website itself authenticated but not the individual users? E.g. using an API key or service account key?
If OAuth is the only way, does that mean users who want to use the website must have a Google Account? And how do I enable it: should I create an OAuth Client ID, or is it the OAuth consent screen?
The recommended practice here is that all the OAuth should happen server-side, where the GCP Service Account JSON key is stored on some backend server.
I am going to answer your question by assuming that your website is hosted on App Engine, but your website could be hosted any where on other GCP products as Cloud Run or any other hosting providers.
- In backend webserver you can make the AI Platform predict request using Service Account JSON, then you would need to configure your website to talk to this backend.
Website ----HTTP Request to App Engine URL------> App Engine (code---)--------> AI Platform
So the App Engine backend performs the authentication on behalf of the website client, as Lak clarifies here; since the requests will be passing your GCP Service Acount JSON Key, then they gain access to send the specific HTTP requests to their backend server, which makes the AI Platform calls.
In your case, you do not want the users to access your Google data, you simply want provide them access to your own AI Platform model.
Basically you can just use Client Library on server-side and it automatically does OAuth for you, as long as environment variable is set to Service Account key.
Note: You only need to do Google OAuth IF you want access to a person's Google resources (e.g Google Doc, Calendar, GCP project, etc)
这篇关于Google AI Predict API:网站匿名身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!