我有一个由 Google OAuth 保护的简单 Web 应用程序。所以用户必须使用她的自定义域谷歌帐户登录。Google 使用应用程序可以使用的令牌进行响应。它包含用户电子邮件、姓名等...
无服务器后端是 AWS Lambda,它反过来调用 Google API。该网站将 google 令牌发送到 AWS,AWS 将其发送到 header 中的 Google API Authentication: Bearer ${token}。
问题是,Google API 总是返回错误“无效凭据”
我已经确定,令牌的范围包含对给定 API 的访问,所以我猜它应该可以工作。我错过了什么?
PS:到 AWS Infra 的部署是作为 Pulumi 脚本实现的。
示例代码来说明
const payload = JSON.stringify({ ... some object ... });
const options = {
host: 'www.googleapis.com',
path: '/admin/directory/v1/users',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': payload.length.toString(),
// Token is obtained from browser, but used in context of AWS lambda
'Authorization': `Bearer ${token.token_id}`
}
};
return new Promise(function (resolve, reject) {
try {
let body = new Array<Buffer>();
const request = https.request(options, function (res: any) {
if (res.statusCode != 200) {
reject(res.statusCode);
}
res.on('data', (data: any) => {
body.push(data);
// It seems that the 'request.on('end') is never fired
// I receive the data in the first batch, and that's it
resolve(data.toString());
});
});
request.on('end', () => {
console.error('Request ended');
// at this point, `body` has the entire request body stored in it as a string
let result = Buffer.concat(body).toString();
resolve(result);
});
request.on('error', async (err: Error) => {
console.error('Errooooorrrr request failed');
reject(err);
});
// Write the payload to the body of the request
if (payload) {
request.write(payload);
};
request.end();
}
catch (e) {
console.log('Something unexpected', e);
}
});