0

我正在使用具有 ESPV2Firebase 身份验证和 API 管理的云功能构建经过身份验证的云功能。在身份验证后从 firebase 获得 JWT 令牌后,我尝试使用ascurl中的令牌链接。当我在邮递员中尝试时,我得到了“JWT 验证失败”。当我从我的客户端应用程序中尝试它时,我收到了“错误请求”。除了链接中提到的设置之外,在我提出请求之前我还需要做任何额外的事情吗?AuthorizationBearer

根据要求更新更多详细信息

swagger: "2.0"
info:
  title: My API Endpoints
  description: My API Endpoints
  version: 1.0.0
host: myapi-abcdefg.a.run.app
schemes:
  - https
produces:
  - application/json
securityDefinitions:
  firebase:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://securetoken.google.com/fan-demand"
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
    x-google-audiences: "my-google-project-id"
paths:
  /getevents:
    get:
      summary: Get Events
      operationId: getevents
      x-google-backend:
        address: https://us-central1-my-google-project-id.cloudfunctions.net/getevents
        protocol: h2
      security:
        - firebase: []
      responses:
        "200":
          description: A successful response
          schema:
            type: string
        "403":
          description: Failed to authenticate

Firebase部署此服务后,我使用 Dart SDKgetIdToken()中的方法获取 id 令牌。FirebaseJWT 令牌采用 Header.payload.tail 格式。然后我在Authorization标头中添加了带有Bearer + id 令牌的令牌,我得到了以下响应。 在此处输入图像描述

更新:我使用https://cloud.google.com/api-gateway/docs/authenticating-users-firebase而不是 ESP 尝试了新的 API Gateway 产品。

我的配置:

swagger: "2.0"
info:
  title: My API Endpoints
  description: My API Endpoints
  version: 1.0.0
schemes:
  - https
produces:
  - application/json
securityDefinitions:
  firebase:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://securetoken.google.com/my-project"
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
    x-google-audiences: "my-project"
paths:
  /getevents:
    get:
      summary: Get Events
      operationId: getevents
      x-google-backend:
        address: https://us-central1-my-project.cloudfunctions.net/getevents
      security:
        - firebase: []
      responses:
        "200":
          description: A successful response
          schema:
            type: string
        "403":
          description: Failed to authenticate

客户端代码: 客户端是在 dart 中开发的,user这里是来自https://pub.dev/documentation/firebase_auth/latest/firebase_auth/User/getIdToken.html的 firebase auth 对象

user.getIdToken().then((token) async {
  final response = await http.get(
      Uri.parse(
          'https://mygateway/getevents'),
      headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'Authorization': 'Bearer $token',
      });
  print('Token : ${token}');
  print(response.body);
});

我得到了回应

403 Forbidden - 您的客户端无权获取 URL

4

1 回答 1

0

没有 ESP

云功能需要公开部署(使用allUsers)才能使用 Firebase 身份验证。

当心:

Unlike Google Sign-in above, your function is doing the authentication;
therefore, you will be billed for unauthenticated requests since the function must do work to validate the token.

链接到相关文档

带 ESP

如果您想在其前面使用带有 ESPv2 的云功能,您需要为您的 ESP 创建一个特定的 IAM,以便能够私下触发您的云功能。

To provide API management for Cloud Functions, you deploy the prebuilt ESPv2 container to Cloud Run.

You then secure your functions by using Cloud Functions IAM so that ESPv2 can invoke them.

链接到相关文档

于 2020-11-09T14:05:13.473 回答