python - Cloud Endpoints returns 401 Jwt issuer is not configured

Reposted. Author: 行者123. Updated: 2023-12-05 01:35:45

I am trying to set up service-to-service authentication so that an external application can make requests to a Cloud Run application (behind a Cloud Endpoints API gateway).

I have followed the Cloud Endpoints "authentication between services" documentation, but I keep receiving the following error when trying to access the Cloud Run service:

401: Jwt issuer is not configured

In the openapi spec, I have set up the endpoint security and the securityDefinition:

    /endpoint_1:
      get:
        ...
        security:
          - service_account: []

    securityDefinitions:
      service_account:
        authorizationUrl: ""
        flow: "implicit"
        type: "oauth2"
        x-google-issuer: "<service_account_email>"
        x-google-jwks_uri: "https://www.googleapis.com/robot/v1/metadata/x509/<service_account_email>"
        x-google-audiences: "https://<cloud-run-service>-pjcfvhz2qq-uc.a.run.app"

This was then deployed to Cloud Run using ESPv2 Beta, as described in the Cloud Endpoints documentation.

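After everything was deployed, I tried running the following script from my local machine to generate a signed JWT and make a request to the Cloud Run service: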

    import os
    import json
    import time
    import requests
    import google.auth.crypt
    import google.auth.jwt

    now = int(time.time())
    expiry_length = 3600
    sa_email = '<service_account_email>'

    payload = {
        'iat': now,
        'exp': now + expiry_length,
        'iss': sa_email,
        'sub': sa_email,
        'email': sa_email,
        'aud': 'https://<cloud-run-service>-pjcfvhz2qq-uc.a.run.app',
    }

    file_path = "service-account.json"

    signer = google.auth.crypt.RSASigner.from_service_account_file(file_path)
    signed_jwt = google.auth.jwt.encode(signer, payload)

    headers = {
        'Authorization': 'Bearer {}'.format(signed_jwt.decode('utf-8')),
        'content-type': 'application/json',
    }

    url = "https://<cloud-run-service>-pjcfvhz2qq-uc.a.run.app/endpoint_1"
    res = requests.get(url, headers=headers)
    print(res.json())

Response from the GET request:

{'message': 'Jwt issuer is not configured', 'code': 401}

The issuer has been specified in the openapi spec as the service account email, which matches the issuer used to generate the JWT.

Any guidance on what "Jwt issuer is not configured" actually means is appreciated.

Best answer

I think that you need a Google-signed JWT token, and not a self-signed token. Try changing the end of your code to this (after the signed_jwt = ... line):

    auth_url = "https://www.googleapis.com/oauth2/v4/token"

    params = {
        'assertion': signed_jwt, # You may need to decode the signed_jwt: signed_jwt.decode('utf-8')
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
    }

    r = requests.post(auth_url, data=params)

    if r.ok:
        id_token = r.json()['id_token']

        headers = {
            'Authorization': 'Bearer {}'.format(id_token),
            'content-type': 'application/json',
        }

        url = "https://<cloud-run-service>-pjcfvhz2qq-uc.a.run.app/endpoint_1"
        res = requests.get(url, headers=headers)
        print(res.json())

    # For debugging
    print(r)
    print(vars(r))
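
An added diagnostic example (not from the original post or from the Cloud Endpoints project): the gateway compares a token's `iss` and `aud` claims with the `x-google-issuer` and `x-google-audiences` values in `securityDefinitions`, so decoding a token locally and comparing the two shows which definition, if any, it can match. The service account, host name and tokens below are constructed placeholders, the helper names are hypothetical, and the signature is deliberately not verified.

```python
import base64
import json

def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def match_definitions(claims, security_definitions):
    """Report, per securityDefinitions entry, whether the token's iss and aud match it."""
    token_aud = claims.get("aud", [])
    token_aud = set([token_aud] if isinstance(token_aud, str) else token_aud)
    report = {}
    for name, definition in security_definitions.items():
        # x-google-audiences is a comma-separated string; only explicit entries are checked here.
        listed = definition.get("x-google-audiences", "").split(",")
        allowed_aud = {a.strip() for a in listed if a.strip()}
        report[name] = {
            "issuer_ok": claims.get("iss") == definition.get("x-google-issuer"),
            "audience_ok": bool(token_aud & allowed_aud),
        }
    return report

def fake_token(claims):
    """Build an unsigned demo token; the signature segment is a placeholder."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed sample data (hypothetical service account and host names).
SA = "caller@example-project.iam.gserviceaccount.com"
AUD = "https://example-service-uc.a.run.app"
SPEC = {"service_account": {"x-google-issuer": SA, "x-google-audiences": AUD}}

# Self-signed style claims, as in the question's script.
self_signed = fake_token({"iss": SA, "sub": SA, "aud": AUD})
# Constructed claims for a Google-issued ID token, which carries this iss value.
google_signed = fake_token({"iss": "https://accounts.google.com", "aud": AUD})

if __name__ == "__main__":
    for label, tok in [("self-signed", self_signed), ("google-signed", google_signed)]:
        print(label, match_definitions(decode_claims(tok), SPEC))
```

A definition reporting `issuer_ok: False` for the token actually being sent is the condition the gateway describes as "Jwt issuer is not configured".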

Regarding "python - Cloud Endpoints returns 401 Jwt issuer is not configured", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/62668372/
