Open varungbt opened 5 years ago
When I use $.googleOuth2AccessToken() call in a deployment manager template, the generated token (decoded) looks like
{
"azp": "anonymous",
"aud": "anonymous",
"scope": "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/ndev.cloudman https://www.googleapis.com/auth/devstorage.read_write https://www.googleapis.com/auth/compute https://www.googleapis.com/auth/appengine.admin",
"exp": "1540590484",
"expires_in": "2423",
"email": "<project_id>@cloudservices.gserviceaccount.com",
"email_verified": "true",
"access_type": "offline"
}
This does not look like a valid id token that can be used for Google Endpoints authentication.
I do not think Cloud Endpoints can authenticate using such a token with aud
set to anonymous
and missing iss (issuer)
Does $.googleOauth2AccessToken()
work with Cloud Endpoints ?
I have received a reply on the issue in a different forum. Just wanted to share the reply I received. Seems like this is a bug IssueTracker
I wanted to know more about the deployment manager authentication against a cloud endpoint. Documentation states that dm oauth authentication with cloud endpoints works , but there are no examples to guide through.
From the documentation
I have a app engine API service behind an cloud endpoint. If I have to invoke this API using deployment manager, what are the steps that are needed ?
I used the description url for the Google deployment manager to be the rest api link of the app engine service
I cannot get the deployment manager successfuly authenticate against a oauth enabled cloud endpoint. Any pointers ?