java - 对端点使用 Auth

Question

我使用 Google Cloud Endpoints 定义了一个简单的 API:

@Api(name = "realestate", version = "v1", clientIds = { com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID }, scopes = {
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/userinfo.profile" })
public class RealEstatePropertyV1 {

    @ApiMethod(name = "create", path = "properties", httpMethod = HttpMethod.POST)
    public void create(RealEstateProperty property, User user)
            throws UnauthorizedException {
        if (user == null) {
            throw new UnauthorizedException("Must log in");
        }
        System.out.println(user.getEmail());
    }

}

然后我尝试使用 API explorer 对其进行测试。我激活了 OAuth 2.0。但是当我执行请求时，User 对象是 null。

Jun 23, 2013 10:21:50 AM com.google.appengine.tools.development.DevAppServerImpl start
INFO: Dev App Server is now running
Jun 23, 2013 10:22:42 AM com.google.api.server.spi.SystemServiceServlet init
INFO: SPI restricted: true
Jun 23, 2013 10:22:43 AM com.google.api.server.spi.WebApisUserService getCurrentUser
WARNING: getCurrentUser: clientId  not allowed
Jun 23, 2013 10:22:43 AM com.google.api.server.spi.SystemService invokeServiceMethod
INFO: cause={0}
com.google.api.server.spi.response.UnauthorizedException: Must log in
    at com.realestate.api.v1.RealEstatePropertyV1.create(RealEstatePropertyV1.java:44)

Answer 1

消息 getCurrentUser: clientId not allowed 表示与 token 关联的客户端 ID 是空字符串。这似乎不可能，可能是一个奇怪的错误/怪癖。

您应该检查请求中发送的 token ，它将位于 Request 部分，例如

GET https://www.googleapis.com/oauth2/v2/userinfo?key={YOUR_API_KEY}

Authorization:  Bearer ya29....
X-JavaScript-User-Agent:  Google APIs Explorer

并且您的 token 是以 ya29. 开头的 token 。您应该通过将 token 信息发送到 token 信息 API 来确保 token 信息得到检查:

https://developers.google.com/apis-explorer/#p/oauth2/v2/oauth2.tokeninfo