
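JWT validation fails on ESPv2 with Firebase authentication

How to resolve a JWT validation failure on ESPv2 with Firebase authentication

I am building an authenticated Cloud Function using Cloud Functions with ESPv2, Firebase authentication and API Management. Once I get the JWT token from Firebase after authentication, I tried the curl from the link with the token in the Authorization header as Bearer. I get "JWT validation failed" when I try it in Postman. I get "Bad Request" when I try from the client application. Apart from the setup mentioned in the link, is there anything else I need to do before making the request?

Updating with more details as requested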

swagger: "2.0"
info:
  title: My API Endpoints
  description: My API Endpoints
  version: 1.0.0
host: myapi-abcdefg.a.run.app
schemes:
  - https
produces:
  - application/json
securityDefinitions:
  firebase:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://securetoken.google.com/fan-demand"
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
    x-google-audiences: "my-google-project-id"
paths:
  /getevents:
    get:
      summary: Get Events
      operationId: getevents
      x-google-backend:
        address: https://us-central1-my-google-project-id.cloudfunctions.net/getevents
        protocol: h2
      security:
        - firebase: []
      responses:
        "200":
          description: A successful response
          schema:
            type: string
        "403":
          description: Failed to authenticate

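After deploying this service, I obtained the ID token from Firebase using the getIdToken() method in the Firebase Dart SDK. The JWT token is in Header.payload.tail format. I then added the token to the Authorization header as Bearer followed by the ID token, and got the following response.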


Update: I tried the new API Gateway product instead of ESP, following https://cloud.google.com/api-gateway/docs/authenticating-users-firebase.

My configuration:

swagger: "2.0"
info:
  title: My API Endpoints
  description: My API Endpoints
  version: 1.0.0
schemes:
  - https
produces:
  - application/json
securityDefinitions:
  firebase:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://securetoken.google.com/my-project"
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
    x-google-audiences: "my-project"
paths:
  /getevents:
    get:
      summary: Get Events
      operationId: getevents
      x-google-backend:
        address: https://us-central1-my-project.cloudfunctions.net/getevents
      security:
        - firebase: []
      responses:
        "200":
          description: A successful response
          schema:
            type: string
        "403":
          description: Failed to authenticate

Client code: the client is developed in Dart, and user is the firebase auth object from https://pub.dev/documentation/firebase_auth/latest/firebase_auth/User/getIdToken.html

user.getIdToken().then((token) async {
  final response = await http.get(
    Uri.parse('https://mygateway/getevents'),
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      'Authorization': 'Bearer $token',
    },
  );
  print('Token : ${token}');
  print(response.body);
});

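I got the response:

403 Forbidden - Your client does not have permission to get URL

Solution

Without ESP

The Cloud Function needs to be public (deployed with allUsers) in order to use Firebase authentication.

Note: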

Unlike Google Sign-in above, your function is doing the authentication;
therefore, you will be billed for unauthenticated requests since the function must do work to validate the token.

Link to relevant documentation

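With ESP

If you want to use ESPv2 in front of your Cloud Function, you need to create a specific IAM for the ESP so that it can trigger the Cloud Function privately.

To provide API management for Cloud Functions, you deploy the prebuilt ESPv2 container to Cloud Run.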

You then secure your functions by using Cloud Functions IAM so that ESPv2 can invoke them.

Link to relevant documentation
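
For the "JWT validation failed" case in the question, a quick local check is to decode the ID token's claims and compare them with x-google-issuer and x-google-audiences. The following is an added example, not code from the post or from ESPv2; it reads claims without verifying the signature (diagnosis only), and the token is a constructed, unsigned stand-in shaped like a Firebase ID token, whose iss is https://securetoken.google.com/<project-id> and whose aud is the project id.

```python
import base64
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claim_problems(claims: dict, issuer: str, audiences: str, now: float) -> list:
    """Compare token claims with x-google-issuer / x-google-audiences."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss")
    allowed = {a.strip() for a in audiences.split(",")}  # comma-separated list
    aud = claims.get("aud")
    token_auds = set(aud) if isinstance(aud, list) else {aud}
    if not token_auds & allowed:
        problems.append("aud")
    if claims.get("exp", 0) <= now:
        problems.append("exp")
    return problems


def sample_token(project: str, now: int) -> str:
    """Constructed, unsigned stand-in shaped like a Firebase ID token."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iss": f"https://securetoken.google.com/{project}",
               "aud": project, "iat": now, "exp": now + 3600, "sub": "uid-123"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()), "sig"])


if __name__ == "__main__":
    now = int(time.time())
    claims = decode_claims(sample_token("fan-demand", now))
    # Issuer and audience values copied from the first configuration as posted.
    print(claim_problems(claims, "https://securetoken.google.com/fan-demand",
                         "my-google-project-id", now))
```

An empty list means the claims line up with the config; signature and key checks are still done by the gateway against the x-google-jwks_uri.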
