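We have a Firebase-secured API, and we need to access the same API from Google Cloud Scheduler using a service account. We added Firebase to the openapi.yaml of our Google Cloud Endpoints service. We found that alternative security can be added using the link below: openapi-limitations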
We tried to use an OIDC token in Cloud Scheduler and then access the same API. Our openapi.yaml looks like this:

    "/common/test":
      post:
        description: "test"
        operationId: "test"
        responses:
          200:
            description: "Success"
          400:
            description: "Fail"
        security:
        - firebase: []
        - service_account: []
    securityDefinitions:
      firebase:
        authorizationUrl: ""
        flow: "implicit"
        type: "oauth2"
        x-google-issuer: "https://securetoken.google.com/test"
        x-google-jwks_uri:
          "https://www.googleapis.com/service_accounts/v1/metadata/x509/[email protected]"
        x-google-audiences: "test"
      service_account:
        authorizationUrl: ""
        flow: "implicit"
        type: "oauth2"
        x-google-issuer: "SA_EMAIL_ADDRESS"
        x-google-jwks_uri: "https://www.googleapis.com/robot/v1/metadata/x509/SA_EMAIL_ADDRESS"
But then my solution did not work. How can I fix this?
OIDC (OpenID Connect) tokens are not compatible with OAuth2 authorization. OpenAPI v3 has added support for OIDC tokens.
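When a token is rejected by a configuration like the one in the question, a useful first check is to read the token's `iss` and `aud` claims and compare them with each `x-google-issuer` / `x-google-audiences` pair. The following is an added example, not code from the original post or from Google: the service name `api.example.com`, the sample tokens, the issuer value used for the Google-signed OIDC token, and the default-audience rule are assumptions of this example.

```python
import base64
import json

# Issuer/audience pairs copied from the securityDefinitions in the question.
# An audience of None means x-google-audiences was not set for that definition.
DEFINITIONS = {
    "firebase": {"issuer": "https://securetoken.google.com/test", "audiences": "test"},
    "service_account": {"issuer": "SA_EMAIL_ADDRESS", "audiences": None},
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unverified_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT checking the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def matching_definitions(token: str, service_name: str) -> list:
    """Return the names of the definitions whose issuer and audience fit the token."""
    claims = unverified_claims(token)
    aud = claims.get("aud")
    token_auds = set(aud if isinstance(aud, list) else [aud])
    matches = []
    for name, cfg in DEFINITIONS.items():
        if claims.get("iss") != cfg["issuer"]:
            continue
        # Assumption: with no x-google-audiences, the proxy expects https://SERVICE_NAME.
        allowed = cfg["audiences"].split(",") if cfg["audiences"] else ["https://" + service_name]
        if token_auds & {a.strip() for a in allowed}:
            matches.append(name)
    return matches

def make_sample(iss: str, aud: str) -> str:
    """Build a constructed, unsigned sample token for the checks below."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": iss, "aud": aud}).encode())
    return f"{header}.{payload}.constructed-signature"

# Constructed samples; the Google-signed issuer value is an assumption of this example.
FIREBASE_TOKEN = make_sample("https://securetoken.google.com/test", "test")
SCHEDULER_TOKEN = make_sample("https://accounts.google.com", "https://api.example.com/common/test")
```

`matching_definitions(SCHEDULER_TOKEN, "api.example.com")` returns an empty list, so neither definition would accept that token. The payload is decoded without signature verification, so use this only to inspect claims, never to authorize a request.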