我一直在尝试使用 Firebase 身份验证设置我的 EndpointsV2 后端(已启用计费),但是当我尝试生成 OpenAPI 规范或401 Unauthorized访问 API 时总是出现错误。
我当前的配置如下(生成 OpenAPI 时出错):
主要.py:
firebase_issuer = endpoints.Issuer(
issuer='https://securetoken.google.com/[GAE/FIREBASE_APP_ID]',
jwks_uri=('https://www.googleapis.com/service_accounts/v1/metadata/x509/'
'securetoken@system.gserviceaccount.com'))
issuers = {
"firebase": firebase_issuer
}
@endpoints.api("user", "v1", api_key_required=True,
issuers=issuers)
class UserApi(remote.Service):
@models.UserModel.query_method(
user_required=True,
path="info",
name="user.info",
http_method="GET")
def info(self, query):
return query.filter(
models.UserModel.owner == endpoints.get_current_user())
OpenAPI Gen 上的错误:
$ python lib/endpoints/endpointscfg.py get_openapi_spec main.UserApi --hostname [SERVICE-NAME].endpoints.[GAE_APP_ID].appspot.com
No handlers could be found for logger "endpoints.apiserving"
Traceback (most recent call last):
File "lib/endpoints/endpointscfg.py", line 633, in <module>
main(sys.argv)
File "lib/endpoints/endpointscfg.py", line 629, in main
args.callback(args)
File "lib/endpoints/endpointscfg.py", line 487, in _GenOpenApiSpecCallback
application_path=args.application)
File "lib/endpoints/endpointscfg.py", line 332, in _GenOpenApiSpec
application_path=application_path)
File "lib/endpoints/endpointscfg.py", line 214, in GenApiConfig
services, hostname=hostname))
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 973, in pretty_print_config_to_json
descriptor = self.get_openapi_dict(services, hostname)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 959, in get_openapi_dict
return self.__api_openapi_descriptor(services, hostname=hostname)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 872, in __api_openapi_descriptor
security_definitions)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 691, in __method_descriptor
service.api_info.audiences, security_definitions)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 722, in __x_security_descriptor
_INVALID_AUTH_ISSUER % default_auth_issuer)
api_exceptions.ApiConfigurationError: No auth issuer named google_id_token defined in this Endpoints API.
该错误使我认为,如果我只是简单地交换它"firebase"可能会起作用,但我已经尝试过并且刚刚得到 401。"google_id_token"issuers
我也开始在 GAE Logging 中看到这个错误:
Cannot decode and verify the auth token. The backend will not be able to retrieve user info (/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py:588)
Traceback (most recent call last):
File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py", line 585, in __call__
service_name)
File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/auth/tokens.py", line 83, in authenticate
"allow provider id: " + provider_id)
UnauthenticatedException: The requested method does not allow provider id: google_id_token
我在测试中发送的 idToken(通过 Postman 使用 header 完成Authorization: Bearer [idToken])是使用生成的pyrebase,我检查了jwt.io以确认它实际上是一个有效的令牌。
我最初的想法是我没有audiences正确设置,但我不确定它应该是什么(尽管我尝试从 API Manager > Credentials 附加一个 ClientID)。
endpoints-proto-datastore是否可以在 endpointsv2 框架上使用 firebase 进行身份验证?如果是这样,我需要做些什么不同的事情才能让它发挥作用?如果没有,我拥有的代码是否可以在不使用的情况下立即工作endpoints-proto-datastore?
编辑:
看起来这是端点库本身的问题
https://github.com/cloudendpoints/endpoints-python/issues/32