IBM 云对象存储 nodejs 身份验证

IBM Cloud Object Storage nodejs authentication

我正在尝试通过 nodejs(进入 node-red)连接到我的云对象存储。我不想使用现有的 SDK。为了简单起见,我将在这个问题中使用 postman/curl。此外,以下请求应该列出我所有的桶。

这是我当前的 curl 等效请求(由邮递员创建)

GET / HTTP/1.1
Host: s3.us-south.cloud-object-storage.appdomain.cloud
ibm-service-instance-id: MY INSTANCE ID
Content-Type: text/plain
Authorization: Bearer MYTOKEN
User-Agent: PostmanRuntime/7.13.0
Accept: */*
Cache-Control: no-cache
Postman-Token: POSTMAN TOKEN
Host: s3.us-south.cloud-object-storage.appdomain.cloud
accept-encoding: gzip, deflate
Connection: keep-alive
cache-control: no-cache

但是这个returns:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Error>
    <Code>AccessDenied</Code>
    <Message>Access Denied</Message>
    <Resource></Resource>
    <RequestId>REQ ID</RequestId>
    <httpStatusCode>403</httpStatusCode>
</Error>

有什么我想念的吗?我指的是这个文档: https://cloud.ibm.com/docs/services/cloud-object-storage/cli?topic=cloud-object-storage-compatibility-api-bucket-operations#compatibility-api-list-buckets

您需要获得一个 API 授权令牌。为此,您需要您已经获得的 API 密钥。 how to request the IAM access token 见此处。基本上:

curl -X "POST" "https://iam.cloud.ibm.com/identity/token" \
     -H 'Accept: application/json' \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode "apikey={api-key}" \
     --data-urlencode "response_type=cloud_iam" \
     --data-urlencode "grant_type=urn:ibm:params:oauth:grant-type:apikey"