Non-OAuth2 JWT validation with Google Cloud Endpoints

Problem description

I have an API deployed on Google Cloud Platform, with Google Cloud Endpoints as the API Manager. For those who are familiar with Endpoints, I'm using the ESP on GKE. My API serves as a webhook for an action deployed on Actions On Google. On the API side, I need to verify that the request is actually coming from Actions On Google.

As stated in the doc, the request coming from Actions On Google contains a token (JWT format) in the Authorization header:

authorization: "<JWT token>"

So I need to verify this token with Cloud Endpoints.

Cloud Endpoints uses OpenAPI 2.0 (aka Swagger) and the specification mentions only the following security schemes: "basic", "apiKey" or "oauth2". It seems that what Actions On Google uses is not based on one of them.

I tried to consider the JWT as an OAuth2 token using the following OpenAPI definition:

securityDefinitions:
  ActionsOnGoogle:
    authorizationUrl: ""
    type: "oauth2"
    flow: "implicit"
    x-google-issuer: "https://accounts.google.com"
    x-google-jwks_uri: "https://www.googleapis.com/oauth2/v3/certs"
    audiences: "{{ my-gcp-project-id }}"

It did not work because Cloud Endpoints ESP checks that the value of the Authorization header starts with "Bearer", otherwise it rejects the request (code)

My second option was to consider the JWT in the Authorization header as an API key. But Cloud Endpoints supports only API keys managed by GCP.

Is it possible to validate requests coming from Actions On Google with Google Cloud Endpoints?

Recommended answer

Sorry, currently ESP doesn't support extracting JWT from this format:

authorization: "<JWT token>"
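
A diagnostic sketch for the situation described in the question, added here as an example (not code from the question, the answer or ESP): it reports whether an Authorization value is Bearer-prefixed or a bare JWT, and compares the token's unverified iss and aud claims with the values expected from the securityDefinitions. The function names, the project id and the sample token are constructed for illustration; no signature is verified.

```python
import base64
import json

def _b64url(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_authorization(value: str, expected_iss: str, expected_aud: str) -> dict:
    """Classify an Authorization value and read its UNVERIFIED JWT claims.

    Diagnostic only: no signature is checked, so never authorize on this result.
    """
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() == "bearer" and rest.strip():
        form, token = "bearer", rest.strip()
    else:
        form, token = "bare", value.strip()
    parts = token.split(".")
    if len(parts) != 3:
        return {"form": form, "jwt": False}
    try:
        header = json.loads(_b64url(parts[0]))
        claims = json.loads(_b64url(parts[1]))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("JWT header and payload must be JSON objects")
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"form": form, "jwt": False}
    aud = claims.get("aud")
    return {
        "form": form,
        "jwt": True,
        "alg": header.get("alg"),
        "iss_matches": claims.get("iss") == expected_iss,
        "aud_matches": expected_aud in (aud if isinstance(aud, list) else [aud]),
    }

def sample_token(iss: str, aud: str) -> str:
    # Constructed, unsigned sample; the third segment is a dummy, not a signature.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"iss": iss, "aud": aud}), "ZHVtbXk"])

if __name__ == "__main__":
    tok = sample_token("https://accounts.google.com", "example-project-id")
    for value in (tok, "Bearer " + tok):
        print(inspect_authorization(value, "https://accounts.google.com", "example-project-id"))
```

A result with "form" equal to "bare" is the header shape the question describes; matching iss and aud values in this output say nothing about whether the token is genuine.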
