AppIdentityError: Wrong recipient while verifying Bearer token
AppIdentityError: Wrong recipient while verifying Bearer token
我们在我们的应用程序中使用一键操作电子邮件标记。我们的电子邮件已列入我们发送电子邮件的电子邮件 ID (XXX@YYY.com) 的白名单。
当我们尝试验证不记名令牌时,我们收到 AppIdentityError:错误的收件人,。完整的堆栈跟踪:
File "./app/components/happier_pages/py/lib/oauth2client/util.py",
line 142, in positional_wrapper
return wrapped(*args, **kwargs) File "./app/components/happier_pages/py/lib/oauth2client/client.py", line
1706, in verify_id_token
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience) File
"./app/components/happier_pages/py/lib/oauth2client/crypt.py", line
170, in verify_signed_jwt_with_certs (aud, audience, json_body))
AppIdentityError: Wrong recipient, "domain.com" !=
"service-account-id"
{"iss":"accounts.google.com","aud":"mydomain.com","sub":"1234556789","email_verified":true,"azp":"gmail@system.gserviceaccount.com","id":"123456789","verified_email":true,"email":"gmail@system.gserviceaccount.com","cid":"gmail@system.gserviceaccount.com","iat":123,"exp":123}
下面是验证不记名令牌的代码片段:
GMAIL_ISSUEE = 'gmail@system.gserviceaccount.com'
GOOGLE_API_CLIENT_SERVICE_ID = 'xxxxx@developer.gserviceaccount.com'
BEARER_TOKEN=self.request.headers["Authorization"].split('Bearer ')[1]
token = client.verify_id_token(BEARER_TOKEN.strip(), GOOGLE_API_CLIENT_SERVICE_ID)
以上代码摘自https://developers.google.com/gmail/markup/actions/verifying-bearer-tokens:
@Sagar 已确认这有效。
而不是:
client.verify_id_token(BEARER_TOKEN, GOOGLE_API_CLIENT_SERVICE_ID)
使用发件人域作为目标受众:
client.verify_id_token(BEARER_TOKEN, "yourdomain.com")
我们在我们的应用程序中使用一键操作电子邮件标记。我们的电子邮件已列入我们发送电子邮件的电子邮件 ID (XXX@YYY.com) 的白名单。
当我们尝试验证不记名令牌时,我们收到 AppIdentityError:错误的收件人,。完整的堆栈跟踪:
File "./app/components/happier_pages/py/lib/oauth2client/util.py", line 142, in positional_wrapper return wrapped(*args, **kwargs) File "./app/components/happier_pages/py/lib/oauth2client/client.py", line 1706, in verify_id_token return crypt.verify_signed_jwt_with_certs(id_token, certs, audience) File "./app/components/happier_pages/py/lib/oauth2client/crypt.py", line 170, in verify_signed_jwt_with_certs (aud, audience, json_body)) AppIdentityError: Wrong recipient, "domain.com" != "service-account-id" {"iss":"accounts.google.com","aud":"mydomain.com","sub":"1234556789","email_verified":true,"azp":"gmail@system.gserviceaccount.com","id":"123456789","verified_email":true,"email":"gmail@system.gserviceaccount.com","cid":"gmail@system.gserviceaccount.com","iat":123,"exp":123}
下面是验证不记名令牌的代码片段:
GMAIL_ISSUEE = 'gmail@system.gserviceaccount.com'
GOOGLE_API_CLIENT_SERVICE_ID = 'xxxxx@developer.gserviceaccount.com'
BEARER_TOKEN=self.request.headers["Authorization"].split('Bearer ')[1]
token = client.verify_id_token(BEARER_TOKEN.strip(), GOOGLE_API_CLIENT_SERVICE_ID)
以上代码摘自https://developers.google.com/gmail/markup/actions/verifying-bearer-tokens:
@Sagar 已确认这有效。
而不是:
client.verify_id_token(BEARER_TOKEN, GOOGLE_API_CLIENT_SERVICE_ID)
使用发件人域作为目标受众:
client.verify_id_token(BEARER_TOKEN, "yourdomain.com")