I am receiving an "Audience not allowed" warning in my google developers console logs when trying to make an authenticated request via Google Cloud Endpoints from an Android app.
在尝试通过Android应用程序通过Google Cloud Endpoints进行身份验证请求时,我在Google开发者控制台日志中收到“受众不允许”警告。
Looking through the Endpoints source code, that corresponds to:
查看Endpoints源代码,对应于:
aud = parsed_token.get('aud')
cid = parsed_token.get('azp')
if aud != cid and aud not in audiences:
logging.warning('Audience not allowed: %s', aud)
My calling code in the android app:
我在Android应用程序中的调用代码:
public static final String WEB_CLIENT_ID = "web-client-id.apps.googleusercontent.com";
public static final String AUDIENCE = "server:client_id:" + WEB_CLIENT_ID;
GoogleAccountCredential credential = GoogleAccountCredential.usingAudience(
mContext,
AUDIENCE
);
Grapi.Builder builder = new Grapi.Builder(HTTP_TRANSPORT,
JSON_FACTORY, credential);
Grapi service = builder.build()
Where "web-client-id" is the alpha numeric client id generated in google developers console. This service is used to make authenticated calls.
其中“web-client-id”是谷歌开发者控制台中生成的字母数字客户端ID。此服务用于进行经过身份验证的呼叫。
This is also the same WEB_CLIENT_ID that is passed to the api decorator in my backend python code:
这也是在我的后端python代码中传递给api修饰符的WEB_CLIENT_ID:
WEB_CLIENT_ID = 'web-client-id.apps.googleusercontent.com'
ANDROID_CLIENT_ID = 'android-client-id.apps.googleusercontent.com'
ANDROID_AUDIENCE = WEB_CLIENT_ID
grapi_client_ids = [ANDROID_CLIENT_ID,
WEB_CLIENT_ID,
endpoints.API_EXPLORER_CLIENT_ID]
grapi_audiences = [ANDROID_AUDIENCE]
@endpoints.api(name='grapi', version='v1',
allowed_client_ids=grapi_client_ids, audiences=grapi_audiences,
scopes=[endpoints.EMAIL_SCOPE])
It looks like all of this is causing endpoints.get_current_user() to return None, and my authenticated call to fail.
看起来所有这些都导致endpoints.get_current_user()返回None,并且我的身份验证调用失败。
1 个解决方案
#1
0
When I initialized my web client id and android client id variables in the python backend, I used backslashes for line continuation to conform with PEP8 (80 character line length) ie.
当我在python后端初始化我的web客户端id和android客户端id变量时,我使用反斜杠来继续行以符合PEP8(80个字符行长度)即ie。
WEB_CLIENT_ID = 'web-client-id'\
'.apps.googleusercontent.com'
ANDROID_CLIENT_ID = 'android-client-id'\
'.apps.googleusercontent.com'
I am not sure why this was not read correctly, but when I used line continuation inside parenthesis it worked fine.
我不确定为什么没有正确读取,但是当我在括号内使用行继续时它工作正常。
WEB_CLIENT_ID = ('web-client-id'
'.apps.googleusercontent.com')
ANDROID_CLIENT_ID = ('android-client-id'
'.apps.googleusercontent.com')