I'm trying to use Google Endpoints v2 in Python with Auth0 on standard App Engine, but if I follow the documentation, my endpoints are open to the public. I have tried the following options, with the following results:
In my endpoints class:
@endpoints.api(name='ganadero', version='v1', api_key_required=True,
               audiences={'auth0_jwk': ['ganadero-api.endpoints.XXXX.appspot.com','https://YYYYY.es','https://ZZZZZ.eu.auth0.com/api/v2/']},
               issuers={'auth0_jwk': endpoints.Issuer('https://ZZZZZ.eu.auth0.com',
                                                      'https://ZZZZZ.eu.auth0.com/.well-known/jwks.json')})
class GanaderoAPI(remote.Service):
I compile with the following command:
python lib/endpoints/endpointscfg.py get_openapi_spec main.GanaderoAPI --hostname ganadero-api.endpoints.XXXX.appspot.com
My ganaderoV1openapi.json is the following:
"/ganadero/v1/ganadero/ususarios": {
"get": {
"operationId": "GanaderoAPI_obtenerExplotaciones",
"parameters": [
{
"format": "int64",
"in": "query",
"name": "identificador",
"type": "string"
},
{
"in": "query",
"name": "nombre",
"type": "string"
},
{
"in": "query",
"name": "email",
"type": "string"
},
{
"in": "query",
"name": "metadatoEmail",
"type": "string"
}
],
"responses": {
"200": {
"description": "A successful response",
"schema": {
"$ref": "#/definitions/MainMensajeUsuario"
}
}
},
"security": [
{
"api_key": [],
"auth0_jwk": []
}
],
"x-security": [
{
"auth0_jwk": {
"audiences": [
"ganadero-api.endpoints.XXXXX.appspot.com",
"https://YYYYY.es",
"https://ZZZZZ.eu.auth0.com/api/v2/"
]
}
}
]
}
}
},
"produces": [
"application/json"
],
"schemes": [
"http"
],
"securityDefinitions": {
"api_key": {
"in": "query",
"name": "key",
"type": "apiKey"
},
"auth0_jwk": {
"authorizationUrl": "",
"flow": "implicit",
"type": "oauth2",
"x-google-issuer": "https://ZZZZZ.eu.auth0.com",
"x-google-jwks_uri": "https://ZZZZZ.eu.auth0.com/.well-known/jwks.json"
}
},
"swagger": "2.0"
}
Next, I use the following command:
gcloud service-management deploy ganaderov1openapi.json
Waiting for async operation operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:c1195c3a-9a3f-4c0d-86fa-21f40a8a647e to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:c1195c3a-9a3f-4c0d-86fa-21f40a8a647e
Waiting for async operation operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r2 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r2
Service Configuration [2017-08-27r2] uploaded for service [ganadero-api.endpoints.XXXXX.appspot.com]
To manage your API, go to: https://console.cloud.google.com/endpoints/api/ganadero-api.endpoints.XXXXX.appspot.com/overview?project=ganadero-146707
Next, I use:
gcloud app deploy -v endpoint
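Now my endpoints are deployed. But the problem is that I always have to use the API key in the URL. The documentation says I can use "x-api-key" in the header, but it doesn't work. Also, I have to use Auth0's access_token in the header in the following form: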
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlFqbEdNVVEzTkRCR09FUkJPRGxCUTBSR1JUZzJPVUl4UkRjeU0wRXpRVFUwTUVReVEwRkVSQSJ9.eyJpc3MiOiJodHRwczovL3NlcmVuby5ldS5hdXRoMC5jb20vIiwic3ViIjoiWDdDR1dPbkpSczg4ZFdRbjV0eUZtdjVodk5BQ1d6TTNAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZ2FuYWRlcm8uZXMiLCJleHAiOjE1MDM4MzMzMjIsImlhdCI6MTUwMzc0NjkyMiwic2NvcGUiOiIifQ.k0rnc58YfLfAxjQJ7T22jViVAL0-CPqAmOTYSVKUtzDGTvmhrMqLXYYQb35nEsr3uGDfnkUL4O1g3pQkamdKIzz1gstcl_NaizchwtUfl0Wr60_MAP4PH1yyqb5aH7Jn6gBvJPb-aFDCulkHhCq9OjWg9-qLgyO4hd1_F-U4Jq3SMSDrCVyrsZcjJiwhgUmAWmqIuy_fiKCS3CJHF_rnTL3ZIYxfvzPasVzLPPM93vD5mZR8sEhuN1l0AHGprcp4gf0nuLHcMK8ZbYXvcmJyelbIRkGkrLZJFZTUlWKh-4N3nKoZDUVR4JFwTlOXCR8coTTa7JctxZNU9_NqeIeRfg
But if I put &key=AIzasd0Z4t-8GasfasdfXDqrcKIki6CIog in the URL, it is not necessary. If I only add Authorization Bearer "access-token" in the header, or add x-api-key "API-KEY", or add both, I always get the following error:
401 Method doesn't allow callers without established identity. Please use API Key or other form of API consumer identity to call this API.
It only works in the following form:
https://XXXX/_ah/api/ganadero/v1/ganadero/documentos?idExplotacion=5668600916475904&key=AIzaSyD0Z4t-V8as345bzLLz2XDqrcKIki6CIog
In my endpoints class:
@endpoints.api(name='ganadero', version='v1',
               audiences={'auth0_jwk': ['ganadero-api.endpoints.XXXX.appspot.com','https://YYYYY.es','https://ZZZZZ.eu.auth0.com/api/v2/']},
               issuers={'auth0_jwk': endpoints.Issuer('https://ZZZZZ.eu.auth0.com',
                                                      'https://ZZZZZ.eu.auth0.com/.well-known/jwks.json')})
class GanaderoAPI(remote.Service):
I compile with the following command:
python lib/endpoints/endpointscfg.py get_openapi_spec main.GanaderoAPI --hostname ganadero-api.endpoints.XXXX.appspot.com
My ganaderov1openapi.json is the following:
"/ganadero/v1/ganadero/ususarios": {
"get": {
"operationId": "GanaderoAPI_obtenerExplotaciones",
"parameters": [
{
"format": "int64",
"in": "query",
"name": "identificador",
"type": "string"
},
{
"in": "query",
"name": "nombre",
"type": "string"
},
{
"in": "query",
"name": "email",
"type": "string"
},
{
"in": "query",
"name": "metadatoEmail",
"type": "string"
}
],
"responses": {
"200": {
"description": "A successful response",
"schema": {
"$ref": "#/definitions/MainMensajeUsuario"
}
}
},
"security": [
{
"auth0_jwk": []
}
],
"x-security": [
{
"auth0_jwk": {
"audiences": [
"https://YYYYY.es",
"https://ZZZZZ.eu.auth0.com/api/v2/"
]
}
}
]
}
}
},
"produces": [
"application/json"
],
"schemes": [
"http"
],
"securityDefinitions": {
"auth0_jwk": {
"authorizationUrl": "",
"flow": "implicit",
"type": "oauth2",
"x-google-issuer": "https://ZZZZZ.eu.auth0.com",
"x-google-jwks_uri": "https://ZZZZZ.eu.auth0.com/.well-known/jwks.json"
}
},
"swagger": "2.0"
}
Next, I use the following command:
gcloud service-management deploy ganaderov1openapi.json
Waiting for async operation operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:b669eef3-97a3-430a-aacc-4a721ebc0db2 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:b669eef3-97a3-430a-aacc-4a721ebc0db2
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'put' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/animales': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/compraVenta': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/compraventa': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/documentos': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/explotacion': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/usuario': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/ususarios': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
Waiting for async operation operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r1 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r1
Service Configuration [2017-08-27r1] uploaded for service [ganadero-api.endpoints.XXXXX.appspot.com]
To manage your API, go to: https://console.cloud.google.com/endpoints/api/ganadero-api.endpoints.XXXXX.appspot.com/overview?project=ganadero-146707
Next, I use:
gcloud app deploy -v endpoint
Now my endpoints are deployed and open to everyone. You can access them freely. They have no security.
https://XXXX/_ah/api/ganadero/v1/ganadero/documentos?idExplotacion=5668600916475904
In my endpoints class:
@endpoints.api(name='ganadero', version='v1',
               issuers={'auth0_jwk': endpoints.Issuer('https://ZZZZZ.eu.auth0.com',
                                                      'https://ZZZZZ.eu.auth0.com/.well-known/jwks.json')})
class GanaderoAPI(remote.Service):
I compile with the following command:
python lib/endpoints/endpointscfg.py get_openapi_spec main.GanaderoAPI --hostname ganadero-api.endpoints.XXXX.appspot.com
My openapi.json is the following:
"/ganadero/v1/ganadero/ususarios": {
"get": {
"operationId": "GanaderoAPI_obtenerExplotaciones",
"parameters": [
{
"format": "int64",
"in": "query",
"name": "identificador",
"type": "string"
},
{
"in": "query",
"name": "nombre",
"type": "string"
},
{
"in": "query",
"name": "email",
"type": "string"
},
{
"in": "query",
"name": "metadatoEmail",
"type": "string"
}
],
"responses": {
"200": {
"description": "A successful response",
"schema": {
"$ref": "#/definitions/MainMensajeUsuario"
}
}
}
}
}
},
"produces": [
"application/json"
],
"schemes": [
"http"
],
"securityDefinitions": {
"auth0_jwk": {
"authorizationUrl": "",
"flow": "implicit",
"type": "oauth2",
"x-google-issuer": "https://ZZZZZ.eu.auth0.com",
"x-google-jwks_uri": "https://ZZZZZ.eu.auth0.com/.well-known/jwks.json"
}
},
"swagger": "2.0"
}
Next, I use the following command:
gcloud service-management deploy ganaderov1openapi.json
Waiting for async operation operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:66091d01-910d-485d-af58-1a68a2dd2321 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:66091d01-910d-485d-af58-1a68a2dd2321
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'put' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/animales': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/compraVenta': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/compraventa': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/documentos': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/explotacion': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/usuario': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/ususarios': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
Waiting for async operation operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r3 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r3
Service Configuration [2017-08-27r3] uploaded for service [ganadero-api.endpoints.XXXXX.appspot.com]
To manage your API, go to: https://console.cloud.google.com/endpoints/api/ganadero-api.endpoints.XXXXX.appspot.com/overview?project=ganadero-146707
Next, I use:
gcloud app deploy -v endpoint
Now my endpoints are deployed and open to everyone. You can access them freely. They have no security.
https://XXXX/_ah/api/ganadero/v1/ganadero/documentos?idExplotacion=5668600916475904
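The gcloud warnings in the question can be reproduced before deployment. The following added example (not part of the original question) applies the rule quoted in the warning text to a Swagger 2.0 spec and classifies every operation; the sample specs are constructed after the three fragments above, and the names `audit_security` and `sample_spec` are assumptions.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def audit_security(spec):
    """Return {(METHOD, path): status} for every operation in a Swagger 2.0 spec."""
    definitions = spec.get("securityDefinitions", {})
    api_key_schemes = {name for name, d in definitions.items()
                       if d.get("type") == "apiKey"}
    default_requirements = spec.get("security", [])
    report = {}
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters" and vendor extensions on the path item
            # An operation-level "security" list overrides the top-level one.
            requirements = operation.get("security", default_requirements)
            if not requirements:
                status = "no-security-requirement"
            # Rule from the gcloud warning: every SecurityRequirement object
            # must reference at least one definition of type 'apiKey'.
            elif all(api_key_schemes & set(req) for req in requirements):
                status = "api-key-required"
            else:
                status = "no-api-key"
            report[(method.upper(), path)] = status
    return report


def sample_spec(security):
    """Constructed spec shaped like the fragments in the question."""
    operation = {"operationId": "GanaderoAPI_obtenerExplotaciones",
                 "responses": {"200": {"description": "A successful response"}}}
    if security is not None:
        operation["security"] = security
    return {
        "swagger": "2.0",
        "paths": {"/ganadero/v1/ganadero/ususarios": {"get": operation}},
        "securityDefinitions": {
            "api_key": {"in": "query", "name": "key", "type": "apiKey"},
            "auth0_jwk": {"type": "oauth2", "flow": "implicit",
                          "authorizationUrl": "",
                          "x-google-issuer": "https://ZZZZZ.eu.auth0.com"},
        },
    }


if __name__ == "__main__":
    attempts = {
        "api_key + auth0_jwk": [{"api_key": [], "auth0_jwk": []}],
        "auth0_jwk only": [{"auth0_jwk": []}],
        "no security section": None,
    }
    for label, security in attempts.items():
        for (method, path), status in audit_security(sample_spec(security)).items():
            print("%-22s %s %s -> %s" % (label, method, path, status))
```
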
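Answer 0 (score: 0)
Specifying audiences and issuers controls which kinds of authorization the framework considers valid. However, it does not by itself require that a valid authorization be present.
The Endpoints framework docs have three steps for Auth0; the third step is to check the result of endpoints.get_current_user() in each method where you want to enforce authentication.
This isn't entirely ideal, but that's how it is right now.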
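One way to apply the per-method check described in this answer without repeating it in every handler body, as an added example that is not part of the original answer or the framework's own code. The guard takes the user lookup and the exception type as arguments so it runs offline; `make_auth_guard`, `FakeAuth`, `GanaderoHandlers` and `call` are hypothetical names, and `FakeAuth` is a constructed stand-in for `endpoints.get_current_user` and `endpoints.UnauthorizedException`.

```python
import functools


def make_auth_guard(get_current_user, unauthorized_exc):
    """Build a decorator that rejects calls for which no user was authenticated."""
    def guard(method):
        @functools.wraps(method)
        def wrapper(self, request):
            # The check from the answer: no current user means the request
            # carried no authorization the framework considered valid.
            if get_current_user() is None:
                raise unauthorized_exc('A valid access token is required.')
            return method(self, request)
        return wrapper
    return guard


# In the App Engine service the guard would be wired to the framework:
#   require_user = make_auth_guard(endpoints.get_current_user,
#                                  endpoints.UnauthorizedException)
# and placed directly beneath each @endpoints.method(...) decorator.

class FakeAuth(object):
    """Constructed stand-in for the framework's request context (offline demo)."""
    user = None

    class Unauthorized(Exception):
        pass

    @classmethod
    def get_current_user(cls):
        return cls.user


require_user = make_auth_guard(FakeAuth.get_current_user, FakeAuth.Unauthorized)


class GanaderoHandlers(object):
    """Hypothetical handler bodies standing in for methods of GanaderoAPI."""

    @require_user
    def obtener_documentos(self, request):
        return {'idExplotacion': request['idExplotacion']}

    def ping(self, request):  # left unguarded on purpose: stays public
        return 'ok'


def call(handler, request, user):
    """Invoke a handler as `user` (None = anonymous); return result or 'denied'."""
    FakeAuth.user = user
    try:
        return handler(GanaderoHandlers(), request)
    except FakeAuth.Unauthorized:
        return 'denied'
```
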