Cloud Endpoints Extensible Service Proxy does not honor security definitions

Time: 2016-09-15 09:19:46

Tags: google-cloud-platform google-cloud-endpoints

We are using ESP inside Container Engine (not as part of App Engine). We deployed the following swagger file:

security:
 - oauth_our_oauth:
   - default_auth
# This section requires all requests to any path to require an API key.
securityDefinitions:
 oauth_our_oauth:
     authorizationUrl: "https://OUR_ACCOUNT.auth0.com/authorize"
     flow: "implicit"
     type: "oauth2"
     x-issuer: "https://OUR_ACCOUNT.auth0.com/"
     # Update this with your service account's email address.
     x-jwks_uri: "https://OUR_ACCOUNT.auth0.com/.well-known/jwks.json"
     scopes:
       default_auth: All endpoints

However, when we hit our endpoints without any authentication, the requests go right through. Did we set this up wrong?

1 answer:

Answer 0: (score: 1)

The OAuth definition should be referenced in the x-security section.

x-security:
  - oauth_our_oauth:
      audiences:
      # This must match the "aud" field in the JWT. You can add multiple
      # audiences to accept JWTs from multiple clients.
      - "echo.endpoints.sample.google.com"

Example: https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/appengine/flexible/endpoints/swagger.yaml
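
A lint for the mistake in this question, as an added example that is not part of the original answer or of Google's code: it reports operations that no x-security entry covers and definitions that are declared but never referenced there. The /echo path, the function names and the rule that an operation-level x-security overrides the top-level one are assumptions.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def _names(requirements, definitions):
    """Defined scheme names referenced by a list of x-security requirement objects."""
    return {n for req in (requirements or []) for n in req if n in definitions}

def lint_x_security(spec):
    """Find operations without x-security coverage and definitions never referenced."""
    definitions = spec.get("securityDefinitions", {})
    top = _names(spec.get("x-security"), definitions)
    used, unprotected = set(top), []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # Assumption: operation-level x-security overrides the top-level list.
            covered = _names(op["x-security"], definitions) if "x-security" in op else top
            used |= covered
            if not covered:
                unprotected.append(f"{method.upper()} {path}")
    return {"unprotected": sorted(unprotected),
            "unreferenced": sorted(set(definitions) - used)}

# Constructed sample: the question's spec as a dict, plus a hypothetical /echo path.
QUESTION_SPEC = {
    "security": [{"oauth_our_oauth": ["default_auth"]}],
    "securityDefinitions": {"oauth_our_oauth": {
        "type": "oauth2",
        "flow": "implicit",
        "authorizationUrl": "https://OUR_ACCOUNT.auth0.com/authorize",
        "x-issuer": "https://OUR_ACCOUNT.auth0.com/",
        "x-jwks_uri": "https://OUR_ACCOUNT.auth0.com/.well-known/jwks.json",
        "scopes": {"default_auth": "All endpoints"}}},
    "paths": {"/echo": {"post": {"operationId": "echo"}}},
}

# The same spec with the answer's x-security section added.
FIXED_SPEC = copy.deepcopy(QUESTION_SPEC)
FIXED_SPEC["x-security"] = [
    {"oauth_our_oauth": {"audiences": ["echo.endpoints.sample.google.com"]}}]

if __name__ == "__main__":
    print("question:", lint_x_security(QUESTION_SPEC))
    print("fixed:   ", lint_x_security(FIXED_SPEC))
```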