匿名呼叫者没有storage.objects.get [英] Anonymous caller does not have storage.objects.get

问题描述

在使用Python编写的Google App Engine(GAE)上.

On Google App Engine (GAE) written in Python.

我正在尝试向云语音文本api发出http帖子，并使用URI音频源(Google Cloud Storage Bucket对象).

I am trying to issue an http post to cloud-speech-to-text api and using URI audio source (Google Cloud Storage Bucket Objects).

我正在使用以下标题；

I am using the following headers;

Authorization: BASIC encoded_base64(username:password)

但是我仍然在下面收到错误响应:

But I still keep getting an error response below:

{ 错误": { 代码":403， "message":匿名呼叫者没有storage.objects.get访问bucket_of_secrets/four_score_seven_years.flac."， 状态":"PERMISSION_DENIED" } }

{ "error": { "code": 403, "message": "Anonymous caller does not have storage.objects.get access to bucket_of_secrets/four_score_seven_years.flac.", "status": "PERMISSION_DENIED" } }

所以我有几个问题；

1. BASIC授权标头可以在Google HTTP API中使用吗?
2. 我应该使用什么username:password?是我的GCP帐户电子邮件和密码吗?即handsome_dude@gmail.com:deluded_fool

1. Does BASIC Authorization Header work in Google HTTP API?
2. What username:password should I use? Is it my GCP account email and password? i.e. handsome_dude@gmail.com:deluded_fool

其中handsome_dude@gmail.com是用户名，deluded_fool是密码.

Where handsome_dude@gmail.com is the username and deluded_fool is the password.

我尝试将存储桶对象设置为公共可读，当然http调用可以工作...但是我宁愿避免将存储桶对象设置为公共可读.

I've tried setting the bucket objects to be public readable and of course the http call works... but I would rather avoid setting my bucket objects public readable.

这是一个示例Curl请求:

Here's a sample Curl request:

curl -X POST 

https://speech.googleapis.com/v1/speech:longrunningrecognize?key=<secret_api_key> -d @sample.json -H "Content-Type: application/json, Authorization:  Basic base64encodedusername:password" 

这是使用urlfetch在我的python代码中的摘要:

Here's a snippet in my python code using urlfetch:

url_post = urlfetch.fetch(url=speech_to_text_url_post, payload=json.dumps(data_to_post), method=urlfetch.POST, headers={"Content-Type" : "application/json", "Authorization" : "Basic "+encoded_user_password})

推荐答案

1.BASIC授权标头可以在Google HTTP API中使用吗?

1.Does BASIC Authorization Header work in Google HTTP API?

否，它不适用于Google API. 您需要将OAuth2.0 accessToken作为承载令牌附加到Authorization Header，如Authorization: Bearer ${yourAccessToken}.

No, It is not working on Google APIs. You need to attach OAuth2.0 accessToken to Authorization Header as bearer token like Authorization: Bearer ${yourAccessToken}.

我有2条建议来开发一些在gae上运行的应用程序.

I have 2 recommendations to develop some application running on gae.

1. 使用 ClientLibrary 调用Google API.
>
2. 您可以使用AppEngineDefaultCredential调用Google API. 发出请求之前，请不要忘记为您的AppEngineDefaultServiceAccount (${projectId}@appspot.gserviceaccount.com)设置权限.您可以在云控制台中的IAM页面上配置这些权限.

1. Use ClientLibrary to call Google APIs.
2. You can use AppEngineDefaultCredential to call Google APIs. Do not forget to set permissions to your AppEngineDefaultServiceAccount (${projectId}@appspot.gserviceaccount.com) before issue your request. You can configure those permissions on IAM page in cloud console.

我也建议您阅读有关如何验证api调用的页面.

Also I recommend you to read this page about How to authenticate your api call.

这篇关于匿名呼叫者没有storage.objects.get的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！