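I have implemented the Cloud Endpoints Frameworks in my App Engine project, and I want to migrate from the deprecated API Explorer to the new Endpoints Portal, but I have run into an authentication problem.
I have an endpoint with authentication enabled via Google ID token. However, when a user clicks "Try This API" in the Endpoints Portal, he is not authenticated. This worked with the old API Explorer.
I use the project presented in this tutorial: https://cloud.google.com/endpoints/docs/frameworks/java/get-started-frameworks-java.
API Management is already described in the documentation, and I followed these steps to authenticate users.
I added the following class to the sample code to test the API with authentication: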

    package com.example.echo;

    import com.google.api.server.spi.auth.common.User;
    import com.google.api.server.spi.config.Api;
    import com.google.api.server.spi.config.ApiMethod;
    import com.google.api.server.spi.response.UnauthorizedException;

    @Api(
        name = "authenticatedApi",
        title = "Authenticated API",
        version = "v1",
        description = "Use OAuth 2.0 to authenticate",
        scopes = {"https://www.googleapis.com/auth/userinfo.email"},
        clientIds = {"*"}
    )
    public class AuthenticatedApi {

        @ApiMethod(name = "sayHello")
        public Message sayHello(User user) throws UnauthorizedException {
            if (user == null) {
                throw new UnauthorizedException("Invalid credentials");
            }
            Message message = new Message();
            message.setMessage("Hello " + user.getEmail());
            return message;
        }
    }

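There is documentation on how to configure the portal for authentication, but nothing about OAuth 2.0.
I use the Maven plugin and gcloud to generate and deploy the openapi.json file:

    $ mvn endpoints-framework:openApiDocs
    $ gcloud endpoints services deploy target/openapi-docs/openapi.json

What am I missing?

Answer 0: (score: 0)

So I found a way, but I could not find any documentation about it.
This code sample suggests that the Cloud Endpoints Portal needs ESP. But unlike Cloud Endpoints with OpenAPI, Cloud Endpoints Framework does not use ESP, but:

    a built-in API gateway that provides API management features comparable to those ESP provides for OpenAPI endpoints

So the openapi.json file generated by mvn endpoints-framework:openApiDocs is missing some information.
Here is what I changed:
At the class level, in the @Api annotation:
In the openapi.json file generated with mvn endpoints-framework:openApiDocs:
Sources:
API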

    package com.example.echo;

    import com.google.api.server.spi.auth.common.User;
    import com.google.api.server.spi.config.Api;
    import com.google.api.server.spi.config.ApiMethod;
    import com.google.api.server.spi.response.UnauthorizedException;

    @Api(
        name = "authenticatedApi",
        title = "Authenticated API",
        version = "v1",
        description = "Use OAuth to authenticate",
        scopes = {"https://www.googleapis.com/auth/userinfo.email"},
        clientIds = {"*"},
        audiences = {"my-web-client-id.apps.googleusercontent.com"},
        authenticators = {CustomAuthenticator.class}
    )
    public class AuthenticatedApi {

        @ApiMethod(name = "sayHello")
        public Message sayHello(User user) throws UnauthorizedException {
            if (user == null) {
                throw new UnauthorizedException("Invalid credentials");
            }
            Message message = new Message();
            message.setMessage("Hello " + user.getEmail());
            return message;
        }
    }

Authenticator

    package com.example.echo;

    import com.google.api.auth.UserInfo;
    import com.google.api.control.ConfigFilter;
    import com.google.api.control.model.MethodRegistry;
    import com.google.api.server.spi.auth.EndpointsAuthenticator;
    import com.google.api.server.spi.auth.common.User;
    import com.google.api.server.spi.response.ServiceUnavailableException;
    import javax.servlet.http.HttpServletRequest;

    public class CustomAuthenticator extends EndpointsAuthenticator {

        private final com.google.api.auth.Authenticator authenticator;

        public CustomAuthenticator() {
            // ESP needs another authenticator
            this.authenticator = com.google.api.auth.Authenticator.create();
        }

        @Override
        public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
            User user = super.authenticate(request);
            // Testing the user is enough for the API Explorer, not for the Endpoints Portal
            if (user == null) {
                try {
                    MethodRegistry.Info methodInfo = ConfigFilter.getMethodInfo(request);
                    MethodRegistry.AuthInfo authInfo = methodInfo.getAuthInfo().get();
                    String serviceName = ConfigFilter.getService(request).getName();
                    UserInfo userInfo = this.authenticator.authenticate(request, authInfo, serviceName);
                    user = new User(userInfo.getId(), userInfo.getEmail());
                } catch (Exception e) {
                    return null;
                }
            }
            return user;
        }
    }

openapi.json

    {
      "swagger": "2.0",
      "info": {
        "version": "1.0.0",
        "title": "My Application"
      },
      "host": "my-application.appspot.com",
      "basePath": "/_ah/api",
      "schemes": [
        "https"
      ],
      "consumes": [
        "application/json"
      ],
      "produces": [
        "application/json"
      ],
      "paths": {
        "/authenticatedApi/v1/sayHello": {
          "post": {
            "operationId": "AuthenticatedApiSayHello",
            "parameters": [],
            "responses": {
              "200": {
                "description": "A successful response",
                "schema": {
                  "$ref": "#/definitions/Message"
                }
              }
            },
            "security": [
              {
                "google_id_token_https": ["https://www.googleapis.com/auth/userinfo.email"]
              }
            ],
            "x-security": [
              {
                "google_id_token_https": {
                  "audiences": [
                    "my-web-client-id.apps.googleusercontent.com"
                  ]
                }
              }
            ]
          }
        }
      },
      "securityDefinitions": {
        "google_id_token_https": {
          "type": "oauth2",
          "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth",
          "flow": "implicit",
          "x-google-issuer": "https://accounts.google.com",
          "x-google-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs"
        }
      },
      "definitions": {
        "Email": {
          "properties": {
            "email": {
              "type": "string"
            }
          }
        },
        "Message": {
          "properties": {
            "message": {
              "type": "string"
            }
          }
        }
      }
    }

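
A pre-deploy check for the auth fields that the openapi.json in the answer above carries, as an added example (not part of the original answer and not part of the Endpoints tooling). The function name `check_openapi_auth`, the rule that every operation must name a defined scheme with `x-security` audiences, and the sample document are assumptions constructed for illustration.

```python
import json

# Fields present on the securityDefinitions entry in the answer's openapi.json.
REQUIRED_DEF_FIELDS = ("type", "authorizationUrl", "flow",
                       "x-google-issuer", "x-google-jwks_uri")
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def check_openapi_auth(spec):
    """Return a list of findings; an empty list means the auth wiring is consistent."""
    findings = []
    definitions = spec.get("securityDefinitions", {})
    for name, definition in definitions.items():
        for field in REQUIRED_DEF_FIELDS:
            if not definition.get(field):
                findings.append(f"securityDefinitions.{name}: missing {field}")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            where = f"{method.upper()} {path}"
            schemes = [n for req in op.get("security", []) for n in req]
            if not schemes:
                findings.append(f"{where}: no security requirement")
            # Map scheme name -> audiences declared under x-security.
            audiences = {n: x.get("audiences", [])
                         for entry in op.get("x-security", [])
                         for n, x in entry.items()}
            for name in schemes:
                if name not in definitions:
                    findings.append(f"{where}: scheme {name} is not defined")
                if not audiences.get(name):
                    findings.append(f"{where}: no audiences for {name}")
    return findings


# Constructed sample (not real plugin output): auth information partly absent.
SAMPLE_MISSING = json.loads("""
{"swagger": "2.0",
 "paths": {"/authenticatedApi/v1/sayHello": {"post": {
     "operationId": "AuthenticatedApiSayHello",
     "security": [{"google_id_token_https": []}]}}},
 "securityDefinitions": {"google_id_token_https": {
     "type": "oauth2", "flow": "implicit"}}}
""")

if __name__ == "__main__":
    for finding in check_openapi_auth(SAMPLE_MISSING):
        print(finding)
```

Run it against `target/openapi-docs/openapi.json` before `gcloud endpoints services deploy` and fail the build when the returned list is not empty.
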
Answer 1: (score: 0)

This is currently a feature request with the Google Cloud Endpoints team: