我一直在尝试使用Firebase身份验证设置我的EndpointsV2后端(已启用结算),但在尝试生成OpenAPI规范时总是出现错误,或者{I} {访问API。
我当前的配置如下(OpenAPI生成错误):
main.py:
401 UnauthorizedOpenAPI Gen上的错误:
firebase_issuer = endpoints.Issuer(
issuer='https://securetoken.google.com/[GAE/FIREBASE_APP_ID]',
jwks_uri=('https://www.googleapis.com/service_accounts/v1/metadata/x509/'
'securetoken@system.gserviceaccount.com'))
issuers = {
"firebase": firebase_issuer
}
@endpoints.api("user", "v1", api_key_required=True,
issuers=issuers)
class UserApi(remote.Service):
@models.UserModel.query_method(
user_required=True,
path="info",
name="user.info",
http_method="GET")
def info(self, query):
return query.filter(
models.UserModel.owner == endpoints.get_current_user())
该错误让我想到,如果我只是在$ python lib/endpoints/endpointscfg.py get_openapi_spec main.UserApi --hostname [SERVICE-NAME].endpoints.[GAE_APP_ID].appspot.com
No handlers could be found for logger "endpoints.apiserving"
Traceback (most recent call last):
File "lib/endpoints/endpointscfg.py", line 633, in <module>
main(sys.argv)
File "lib/endpoints/endpointscfg.py", line 629, in main
args.callback(args)
File "lib/endpoints/endpointscfg.py", line 487, in _GenOpenApiSpecCallback
application_path=args.application)
File "lib/endpoints/endpointscfg.py", line 332, in _GenOpenApiSpec
application_path=application_path)
File "lib/endpoints/endpointscfg.py", line 214, in GenApiConfig
services, hostname=hostname))
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 973, in pretty_print_config_to_json
descriptor = self.get_openapi_dict(services, hostname)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 959, in get_openapi_dict
return self.__api_openapi_descriptor(services, hostname=hostname)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 872, in __api_openapi_descriptor
security_definitions)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 691, in __method_descriptor
service.api_info.audiences, security_definitions)
File "D:\Users\Will\Documents\Projects\CardApp\backend\lib\endpoints\openapi_generator.py", line 722, in __x_security_descriptor
_INVALID_AUTH_ISSUER % default_auth_issuer)
api_exceptions.ApiConfigurationError: No auth issuer named google_id_token defined in this Endpoints API.
中"firebase"交换"google_id_token"它可能会有效,但我已经尝试了,只得到了401。
我也开始在GAE Logging中看到这个错误:
issuers我通过我的测试发送的idToken(通过Postman使用标题Cannot decode and verify the auth token. The backend will not be able to retrieve user info (/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py:588)
Traceback (most recent call last):
File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/control/wsgi.py", line 585, in __call__
service_name)
File "/base/data/home/apps/s~[GAE/FIREBASE_PROJECT]/20170318t232908.399940418908006950/lib/google/api/auth/tokens.py", line 83, in authenticate
"allow provider id: " + provider_id)
UnauthenticatedException: The requested method does not allow provider id: google_id_token
完成)是使用Authorization: Bearer [idToken]生成的,我检查了jwt.io以确认它实际上是一个有效的令牌
我最初的想法是我没有正确设置pyrebase,但我不确定它应该是什么(尽管我尝试从API管理器添加ClientID&gt;凭据)。
是否可以使用endpointsv2框架上的audiences使用firebase进行身份验证?如果是这样,我需要采取哪些不同的方式来实现这一目标?如果没有,我的代码是否会在不使用endpoints-proto-datastore的情况下立即工作?
修改
看起来这是端点库本身的问题
https://github.com/cloudendpoints/endpoints-python/issues/32