我有一个受Google OAuth保护的简单Web应用程序。因此,用户必须使用她的自定义域Google帐户登录。 Google会以令牌进行响应,应用程序可以使用令牌。它包含用户电子邮件,姓名等...
在无服务器后端上是AWS Lambda,后者又称为Google API。该网站将Google令牌发送到AWS,然后将其发送到标头Authentication: Bearer ${token}中的Google API。
问题是,Google API始终返回错误“无效的凭据”
我确保令牌的范围包含对给定API的访问权,因此我认为它应该可以工作。 我想念什么?
PS:AWS Infra的部署是通过Pulumi脚本实现的。
示例代码
const payload = JSON.stringify({ ... some object ... });
const options = {
host: 'www.googleapis.com',
path: '/admin/directory/v1/users',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Content-Length': payload.length.toString(),
// Token is obtained from browser, but used in context of AWS lambda
'Authorization': `Bearer ${token.token_id}`
}
};
return new Promise(function (resolve, reject) {
try {
let body = new Array<Buffer>();
const request = https.request(options, function (res: any) {
if (res.statusCode != 200) {
reject(res.statusCode);
}
res.on('data', (data: any) => {
body.push(data);
// It seems that the 'request.on('end') is never fired
// I receive the data in the first batch, and that's it
resolve(data.toString());
});
});
request.on('end', () => {
console.error('Request ended');
// at this point, `body` has the entire request body stored in it as a string
let result = Buffer.concat(body).toString();
resolve(result);
});
request.on('error', async (err: Error) => {
console.error('Errooooorrrr request failed');
reject(err);
});
// Write the payload to the body of the request
if (payload) {
request.write(payload);
};
request.end();
}
catch (e) {
console.log('Something unexpected', e);
}
});