我们在容器引擎内部使用ESP(不是作为appengine的一部分)。我们部署了以下swagger文件:
security:
- oauth_our_oauth:
- default_auth
# This section requires all requests to any path to require an API key.
securityDefinitions:
oauth_our_oauth:
authorizationUrl: "https://OUR_ACCOUNT.auth0.com/authorize"
flow: "implicit"
type: "oauth2"
x-issuer: "https://OUR_ACCOUNT.auth0.com/"
# Update this with your service account's email address.
x-jwks_uri: "https://OUR_ACCOUNT.auth0.com/.well-known/jwks.json"
scopes:
default_auth: All endpoints
然而,当我们在没有任何身份验证的情况下点击我们的端点时,请求很快就会通我们设置错了吗?
答案 0 :(得分:1)
应在x-security部分中引用OAuth定义。
x-security:
- oauth_our_oauth:
audiences:
# This must match the "aud" field in the JWT. You can add multiple
# audiences to accept JWTs from multiple clients.
- "echo.endpoints.sample.google.com"