問題描述
發布/訂閱請求身份驗證作為服務(或通過服務密鑰)而不是 Auth0 臨時密鑰 (Pub/sub request authentication as a service (or by service key) instead of Auth0 temporary key)
如果我添加從以下命令獲取的訪問令牌 </p>
POST https://pubsub.googleapis.com/v1/projects/[project_name]/topics/[topic_id]?key=[YOUR_API_KEY] HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content‑Type: application/json
</code></pre>
該令牌僅在 60 分鐘的有限時間內有效。因此,我必須每小時創建一個 access_token。
由於這是一個服務器到服務器的請求,我希望請求被授權更長時間,直到沒有任何外部干擾。
任何人都可以建議或指出任何錯誤。提前謝謝你
由於這是一個服務器到服務器的請求,我希望請求被授權更長的時間,直到沒有任何外部干擾。</strong></p> 任何人都可以提出建議或指出任何錯誤。提前謝謝你
由於這是一個服務器到服務器的請求,我希望請求被授權更長時間,直到沒有任何外部干擾。</strong></p> 任何人都可以提出建議或指出任何錯誤。提前謝謝你
參考解法
方法 1:
In your use case a production server to server communication when using a
Google Cloud Platform client library. The best approach to authentication is to use a strategy called Application Default Credentials (ADC) to find your application's credentials.
If using a client library,the strategy checks for your credentials in the following order:
1) ADC checks to see if the environment variable GOOGLE_APPLICATION_CREDENTIALS is set. If the variable is set, ADC uses the service account file that the variable points to.
2) If the GOOGLE_APPLICATION_CREDENTIALS environment variable is not set, ADC uses the default service account that Compute Engine, Kubernetes Engine, Cloud Run, App Engine, and Cloud Functions provide, for applications that run on those services.
3) If ADC can't use either of the above credentials, an error occurs.
For a comprehensive explanation you should review the official documentation Setting Up Authentication for Server to Server Production Applications
(by nikhil sadalagi、Paddy Popeye)
參考文件