AppIdentityError：在验证不记名令牌时收件人错误 [英] AppIdentityError: Wrong recipient while verifying Bearer token

问题描述

我们在我们的应用程序中使用一键式操作电子邮件标记。我们的电子邮件已被列入电子邮件ID（XXX@YYY.com），我们将发送电子邮件。

We are using One Click Action Email Markup in our application. Our email has been white-listed the email id (XXX@YYY.com) from which we are sending the emails.

我们正在收到 AppIdentityError：错误的收件人，当我们尝试验证持票人令牌时。完整的堆栈跟踪：

We are getting AppIdentityError: Wrong recipient, when we try to verify the Bearer Token. Complete stacktrace:

文件./app/components/happier_pages/py/lib/oauth2client/util.py，
第142行，在locations_wrapper
中返回包装（* args，** kwargs）文件./app/components/happier_pages/py/lib/oauth2client/client.py，行
1706，在verify_id_token中
返回crypt.verify_signed_jwt_with_certs（id_token，certs，audience）文件
./app/components/happier_pages/py/lib/oauth2client/crypt.py，行
170，位于verify_signed_jwt_with_certs（aud ，audience，json_body））
AppIdentityError：错误的收件人，domain.com！=
服务帐户ID
{iss：accounts.google.com， AUD： mydomain.com， 子： 1234556789， email_verified：真实的， AZP： gmail@system.gserviceaccount.com， ID： 123456789， verified_email： true，email：gmail@system.gserviceaccount.com，cid：gmail@system.gserviceaccount.com，iat：123，exp：123}

File "./app/components/happier_pages/py/lib/oauth2client/util.py", line 142, in positional_wrapper return wrapped(*args, **kwargs) File "./app/components/happier_pages/py/lib/oauth2client/client.py", line 1706, in verify_id_token return crypt.verify_signed_jwt_with_certs(id_token, certs, audience) File "./app/components/happier_pages/py/lib/oauth2client/crypt.py", line 170, in verify_signed_jwt_with_certs (aud, audience, json_body)) AppIdentityError: Wrong recipient, "domain.com" != "service-account-id" {"iss":"accounts.google.com","aud":"mydomain.com","sub":"1234556789","email_verified":true,"azp":"gmail@system.gserviceaccount.com","id":"123456789","verified_email":true,"email":"gmail@system.gserviceaccount.com","cid":"gmail@system.gserviceaccount.com","iat":123,"exp":123}

以下是用于验证持票人付款的代码片段en：

Below is code snippet for verifying bearer token:

GMAIL_ISSUEE = 'gmail@system.gserviceaccount.com'
GOOGLE_API_CLIENT_SERVICE_ID = 'xxxxx@developer.gserviceaccount.com'
BEARER_TOKEN=self.request.headers["Authorization"].split('Bearer ')[1]
token = client.verify_id_token(BEARER_TOKEN.strip(), GOOGLE_API_CLIENT_SERVICE_ID)

以上代码是从 https： //developers.google.com/gmail/markup/actions/verifying-bearer-tokens ：

推荐答案

@萨加已经证实了这一点。

@Sagar has confirmed this has worked.

而不是：

Instead of:

client.verify_id_token(BEARER_TOKEN, GOOGLE_API_CLIENT_SERVICE_ID) 

使用sender域作为目标受众：

Use the sender domain as the intended audience:

client.verify_id_token(BEARER_TOKEN, "yourdomain.com")

这篇关于AppIdentityError：在验证不记名令牌时收件人错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！