在没有下载密钥的情况下在Google应用引擎上验证服务帐户 [英] Authenticate service account without downloaded key on google app engine
问题描述
在此我使用Service帐户来验证Gmail API,Drive API,日历API等。
它与下载的P12文件一起工作正常。但作为其产品,我不希望客户端在每次安装时都下载并上传应用程序。
有没有办法在没有私钥文件或没有服务帐户的情况下使用该API进行身份验证。
下面的页面提到,系统管理的密钥对由Google自动管理。它可以帮助吗?我没有找到任何示例。
https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys
在下面的链接中,它表明,对于Google Cloud Platform,我应该使用Google Managed Key
https://cloud.google.com/iam/docs/understanding-service-accounts
无需下载文件即可使用此密钥?
谢谢
我可以通过IAM API实现它
https://cloud.google.com/iam /reference/rest/v1/projects.serviceAccounts.keys
以下是Java代码
AppIdentityCredential凭证=新的AppIdentityCredential(
Arrays.asList(https://www.googleapis.com/auth/cloud-platform));
Iam iam =新Iam(httpTRANSPORT,jsonFACTORY,凭证);
try {
Iam.Projects.ServiceAccounts.Keys.Create keyCreate = iam.projects()。serviceAccounts()。keys()
.create(projects / myProject / serviceAccounts / myProject @ appspot.gserviceaccount.com,new CreateServiceAccountKeyRequest());
ServiceAccountKey key = keyCreate.execute();
} catch(IOException e){
System.out.println(e.getMessage());
}
任何密钥都可用于生成GoogleCredential
$ b
InputStream stream = new ByteArrayInputStream(key.decodePrivateKeyData());
GoogleCredential凭证= GoogleCredential.fromStream(流);
I am working on a product that is supposed to be installed in Google App Engine.
In this I am using Service account for authenticating Gmail API, Drive API, Calendar API etc.
Its working fine with downloaded P12 file as authentication. But as its product I don't want client to download and upload on app on every install.
Can there be a way to authenticate it without privatekey file or using that API without service account.
In below page its mentioned that there is System-managed key-pairs are managed automatically by Google. Can it be helpful? I did't find any example of it.
https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys
In below link it suggest that for Google Cloud Platform I should use Google Managed Key https://cloud.google.com/iam/docs/understanding-service-accounts
Can this key used without downloaded file ?
Thanks
I could achieve it by IAM API https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys
Below is Java code for it
AppIdentityCredential credential = new AppIdentityCredential(
Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
Iam iam = new Iam(httpTRANSPORT, jsonFACTORY, credential);
try {
Iam.Projects.ServiceAccounts.Keys.Create keyCreate = iam.projects().serviceAccounts().keys()
.create("projects/myProject/serviceAccounts/myProject@appspot.gserviceaccount.com", new CreateServiceAccountKeyRequest());
ServiceAccountKey key = keyCreate.execute();
} catch (IOException e) {
System.out.println(e.getMessage());
}
Any key can be used to generate GoogleCredential as below
InputStream stream = new ByteArrayInputStream(key.decodePrivateKeyData());
GoogleCredential credential = GoogleCredential.fromStream(stream);
这篇关于在没有下载密钥的情况下在Google应用引擎上验证服务帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
