如何在函数内部通过 api 网关验证的路由中获取 jwt 负载?
How to get the jwt payload in route authenticated by api gateway inside the function?
我为我的项目配置了一个网关,我在路由中添加了安全选项并且它起作用了:
我生成 jwt 令牌的函数:
def generate_jwt():
payload = {"iat": iat, "exp": exp, "iss": iss, "aud": aud, "sub": iss, "email": iss, "company": company}
signer = google.auth.crypt.RSASigner.from_service_account_file(sa_keyfile)
jwt = google.auth.jwt.encode(signer, payload)
return jwt
.yaml 文件:
- 安全性:
securityDefinitions:
apikey:
type: "apiKey"
name: "key"
in: "header"
bearer:
authorizationUrl: ""
flow: "implicit"
type: "oauth2"
x-google-issuer: "mygserviceaccount"
x-google-jwks_uri: "mygserviceaccount.com"
x-google-audiences: "aud"
x-google-jwt-locations:
- header: "Authorization"
value_prefix: "Bearer "
- 我配置了 jwt 的路由:
/MyRoute:
post:
description: "Route"
operationId: "Route"
x-google-backend:
address: routeadress
deadline: 360
security:
- bearer: []
responses:
200:
description: "Success."
400:
description: "Bad Request."
401:
description: "Unauthorized."
有了这个配置,我需要在 Header 中发送 jwt 令牌,如果我不发送这个,网关 returns 一个错误,否则如果 jwt 有效,我的函数叫做。所以这有效!
但我的问题是,如何在 MyRoute 中恢复由 api 网关生成的负载?
负载应该对我可用,否则我需要调用另一个 google api 来解码来自 req.headers.authorization 的 jwt ?
@John Hanley 所说的答案是使用 header x-apigateway-api-userinfo:
const userInfo = req.headers['x-apigateway-api-userinfo']
const data = Buffer.from(userInfo, 'base64').toString('utf-8')
我的数据有我被告知的有效负载。
API 网关将在 HTTP header X-Apigateway-Api-Userinfo 中转发 JWT。此 header 是 Base64 URL 编码 并包含 JWT 负载。
Receiving authenticated results in your API
[编辑:我添加了@Vinicius 为回应我的回答而写的示例]
const userInfo = req.headers['x-apigateway-api-userinfo']
const data = Buffer.from(userInfo, 'base64').toString('utf-8')
我为我的项目配置了一个网关,我在路由中添加了安全选项并且它起作用了:
我生成 jwt 令牌的函数:
def generate_jwt():
payload = {"iat": iat, "exp": exp, "iss": iss, "aud": aud, "sub": iss, "email": iss, "company": company}
signer = google.auth.crypt.RSASigner.from_service_account_file(sa_keyfile)
jwt = google.auth.jwt.encode(signer, payload)
return jwt
.yaml 文件:
- 安全性:
securityDefinitions:
apikey:
type: "apiKey"
name: "key"
in: "header"
bearer:
authorizationUrl: ""
flow: "implicit"
type: "oauth2"
x-google-issuer: "mygserviceaccount"
x-google-jwks_uri: "mygserviceaccount.com"
x-google-audiences: "aud"
x-google-jwt-locations:
- header: "Authorization"
value_prefix: "Bearer "
- 我配置了 jwt 的路由:
/MyRoute:
post:
description: "Route"
operationId: "Route"
x-google-backend:
address: routeadress
deadline: 360
security:
- bearer: []
responses:
200:
description: "Success."
400:
description: "Bad Request."
401:
description: "Unauthorized."
有了这个配置,我需要在 Header 中发送 jwt 令牌,如果我不发送这个,网关 returns 一个错误,否则如果 jwt 有效,我的函数叫做。所以这有效!
但我的问题是,如何在 MyRoute 中恢复由 api 网关生成的负载?
负载应该对我可用,否则我需要调用另一个 google api 来解码来自 req.headers.authorization 的 jwt ?
@John Hanley 所说的答案是使用 header x-apigateway-api-userinfo:
const userInfo = req.headers['x-apigateway-api-userinfo']
const data = Buffer.from(userInfo, 'base64').toString('utf-8')
我的数据有我被告知的有效负载。
API 网关将在 HTTP header X-Apigateway-Api-Userinfo 中转发 JWT。此 header 是 Base64 URL 编码 并包含 JWT 负载。
Receiving authenticated results in your API
[编辑:我添加了@Vinicius 为回应我的回答而写的示例]
const userInfo = req.headers['x-apigateway-api-userinfo']
const data = Buffer.from(userInfo, 'base64').toString('utf-8')