I try using google endpoints v2 in Python using Auth0 in standard appengine but if i follow the documentation my endpoints are open for all public. I have proved using the next options with the next result:
1ª option
In my endpoints class:
@endpoints.api(name='ganadero', version='v1',api_key_required=True,
audiences={'auth0_jwk': ['ganadero-api.endpoints.XXXX.appspot.com','https://YYYYY.es','https://ZZZZZ.eu.auth0.com/api/v2/']},
issuers={'auth0_jwk': endpoints.Issuer('https:// ZZZZZ.eu.auth0.com',
'https:// ZZZZZ.eu.auth0.com/.well-known/jwks.json')}) class GanaderoAPI(remote.Service):
I compiled with the next command:
python lib/endpoints/endpointscfg.py get_openapi_spec main.GanaderoAPI --hostname ganadero-api.endpoints.XXXX.appspot.com
My ganaderoV1openapi.json is the next:
"/ganadero/v1/ganadero/ususarios": {
"get": {
"operationId": "GanaderoAPI_obtenerExplotaciones",
"parameters": [
{
"format": "int64",
"in": "query",
"name": "identificador",
"type": "string"
},
{
"in": "query",
"name": "nombre",
"type": "string"
},
{
"in": "query",
"name": "email",
"type": "string"
},
{
"in": "query",
"name": "metadatoEmail",
"type": "string"
}
],
"responses": {
"200": {
"description": "A successful response",
"schema": {
"$ref": "#/definitions/MainMensajeUsuario"
}
}
},
"security": [
{
"api_key": [],
"auth0_jwk": []
}
],
"x-security": [
{
"auth0_jwk": {
"audiences": [
"ganadero-api.endpoints.XXXXX.appspot.com",
"https://YYYYY.es",
"https://ZZZZZ.eu.auth0.com/api/v2/"
]
}
}
]
}
}
},
"produces": [
"application/json"
],
"schemes": [
"http"
],
"securityDefinitions": {
"api_key": {
"in": "query",
"name": "key",
"type": "apiKey"
},
"auth0_jwk": {
"authorizationUrl": "",
"flow": "implicit",
"type": "oauth2",
"x-google-issuer": "https://ZZZZZ.eu.auth0.com",
"x-google-jwks_uri": "https://ZZZZZ.eu.auth0.com/.well-known/jwks.json"
}
},
"swagger": "2.0"
}
Next, i use the next command:
gcloud service-management deploy ganaderov1openapi.json
Waiting for async operation operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:c1195c3a-9a3f-4c0d-86fa-21f40a8a647e to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:c1195c3a-9a3f-4c0d-86fa-21f40a8a647e
Waiting for async operation operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r2 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r2
Service Configuration [2017-08-27r2] uploaded for service [ganadero-api.endpoints.XXXXX.appspot.com]
To manage your API, go to: https://console.cloud.google.com/endpoints/api/ganadero-api.endpoints.XXXXX.appspot.com/overview?project=ganadero-146707
Next, I use:
gcloud app deploy -v endpoint
Now, my endpoints is deploying. But the problem is that I have use the API-KEY in the URL always. In the documentation said that I can used “x-api-key” in the header, but not function. Also, I must use the access_token of Auth0 in the header the next form:
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlFqbEdNVVEzTkRCR09FUkJPRGxCUTBSR1JUZzJPVUl4UkRjeU0wRXpRVFUwTUVReVEwRkVSQSJ9.eyJpc3MiOiJodHRwczovL3NlcmVuby5ldS5hdXRoMC5jb20vIiwic3ViIjoiWDdDR1dPbkpSczg4ZFdRbjV0eUZtdjVodk5BQ1d6TTNAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZ2FuYWRlcm8uZXMiLCJleHAiOjE1MDM4MzMzMjIsImlhdCI6MTUwMzc0NjkyMiwic2NvcGUiOiIifQ.k0rnc58YfLfAxjQJ7T22jViVAL0-CPqAmOTYSVKUtzDGTvmhrMqLXYYQb35nEsr3uGDfnkUL4O1g3pQkamdKIzz1gstcl_NaizchwtUfl0Wr60_MAP4PH1yyqb5aH7Jn6gBvJPb-aFDCulkHhCq9OjWg9-qLgyO4hd1_F-U4Jq3SMSDrCVyrsZcjJiwhgUmAWmqIuy_fiKCS3CJHF_rnTL3ZIYxfvzPasVzLPPM93vD5mZR8sEhuN1l0AHGprcp4gf0nuLHcMK8ZbYXvcmJyelbIRkGkrLZJFZTUlWKh-4N3nKoZDUVR4JFwTlOXCR8coTTa7JctxZNU9_NqeIeRfg
But is not necessary if I put &key= AIzasd0Z4t-8GasfasdfXDqrcKIki6CIog in the URL. If only add Authorization Bearer “access-token” in the header or add x-api-key “API-KEY” or add two options always appear the next error:
*
401 Method does not allow callers without established identity. Please use an API key or other form of API consumer identity to call this API.
*
Only function the next form:
https:// XXXX /_ah/api/ganadero/v1/ganadero/documentos?idExplotacion=5668600916475904&key= AIzaSyD0Z4t-V8as345bzLLz2XDqrcKIki6CIog
2ª option:
In my endpoints class:
@endpoints.api(name='ganadero', version='v1',
audiences={'auth0_jwk': ['ganadero-api.endpoints.XXXX.appspot.com','https://YYYYY.es','https://ZZZZZ.eu.auth0.com/api/v2/']},
issuers={'auth0_jwk': endpoints.Issuer('https:// ZZZZZ.eu.auth0.com',
'https:// ZZZZZ.eu.auth0.com/.well-known/jwks.json')})
class GanaderoAPI(remote.Service):
I compiled with the next command:
python lib/endpoints/endpointscfg.py get_openapi_spec main.GanaderoAPI --hostname ganadero-api.endpoints. XXXX.appspot.com
My gaanderov1openapi.json is the next:
"/ganadero/v1/ganadero/ususarios": {
"get": {
"operationId": "GanaderoAPI_obtenerExplotaciones",
"parameters": [
{
"format": "int64",
"in": "query",
"name": "identificador",
"type": "string"
},
{
"in": "query",
"name": "nombre",
"type": "string"
},
{
"in": "query",
"name": "email",
"type": "string"
},
{
"in": "query",
"name": "metadatoEmail",
"type": "string"
}
],
"responses": {
"200": {
"description": "A successful response",
"schema": {
"$ref": "#/definitions/MainMensajeUsuario"
}
}
},
"security": [
{
"auth0_jwk": []
}
],
"x-security": [
{
"auth0_jwk": {
"audiences": [
"https://YYYYY.es",
"https://ZZZZZ.eu.auth0.com/api/v2/"
]
}
}
]
}
}
},
"produces": [
"application/json"
],
"schemes": [
"http"
],
"securityDefinitions":
"auth0_jwk": {
"authorizationUrl": "",
"flow": "implicit",
"type": "oauth2",
"x-google-issuer": "https://ZZZZZ.eu.auth0.com",
"x-google-jwks_uri": "https://ZZZZZ.eu.auth0.com/.well-known/jwks.json"
}
},
"swagger": "2.0"
}
Next, i use the next command:
gcloud service-management deploy ganaderov1openapi.json
Waiting for async operation operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:b669eef3-97a3-430a-aacc-4a721ebc0db2 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:b669eef3-97a3-430a-aacc-4a721ebc0db2
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'put' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/animales': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/compraVenta': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/compraventa': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/documentos': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/explotacion': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/usuario': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/ususarios': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
Waiting for async operation operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r1 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r1
Service Configuration [2017-08-27r1] uploaded for service [ganadero-api.endpoints.XXXXX.appspot.com]
To manage your API, go to: https://console.cloud.google.com/endpoints/api/ganadero-api.endpoints.XXXXX.appspot.com/overview?project=ganadero-146707
Next, I use:
gcloud app deploy -v endpoint
Now, my endpoints is deploying and open for everybody. You can access them free. No security in them.
https:// XXXX /_ah/api/ganadero/v1/ganadero/documentos?idExplotacion=5668600916475904
3ª option:
In my endpoints class:
@endpoints.api(name='ganadero', version='v1',
issuers={'auth0_jwk': endpoints.Issuer('https:// ZZZZZ.eu.auth0.com',
'https:// ZZZZZ.eu.auth0.com/.well-known/jwks.json')})
class GanaderoAPI(remote.Service):
I compiled with the next command:
python lib/endpoints/endpointscfg.py get_openapi_spec main.GanaderoAPI --hostname ganadero-api.endpoints. XXXX.appspot.com
My openapi.json is the next:
"/ganadero/v1/ganadero/ususarios": {
"get": {
"operationId": "GanaderoAPI_obtenerExplotaciones",
"parameters": [
{
"format": "int64",
"in": "query",
"name": "identificador",
"type": "string"
},
{
"in": "query",
"name": "nombre",
"type": "string"
},
{
"in": "query",
"name": "email",
"type": "string"
},
{
"in": "query",
"name": "metadatoEmail",
"type": "string"
}
],
"responses": {
"200": {
"description": "A successful response",
"schema": {
"$ref": "#/definitions/MainMensajeUsuario"
}
}
}
}
}
},
"produces": [
"application/json"
],
"schemes": [
"http"
],
"securityDefinitions": {
"auth0_jwk": {
"authorizationUrl": "",
"flow": "implicit",
"type": "oauth2",
"x-google-issuer": "https://ZZZZZ.eu.auth0.com",
"x-google-jwks_uri": "https://ZZZZZ.eu.auth0.com/.well-known/jwks.json"
}
},
"swagger": "2.0"
}
Next, i use the next command:
gcloud service-management deploy ganaderov1openapi.json
Waiting for async operation operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:66091d01-910d-485d-af58-1a68a2dd2321 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/serviceConfigs.ganadero-api.endpoints.XXXXX.appspot.com:66091d01-910d-485d-af58-1a68a2dd2321
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'put' in path '/ganadero/v1/ganadero/animal': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/animales': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/compraVenta': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/compraventa': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'delete' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/documento': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/documentos': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/explotacion': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'post' in path '/ganadero/v1/ganadero/usuario': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
WARNING: ganaderov1openapi.json: Operation 'get' in path '/ganadero/v1/ganadero/ususarios': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.
Waiting for async operation operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r3 to complete...
Operation finished successfully. The following command can describe the Operation details:
gcloud service-management operations describe operations/rollouts.ganadero-api.endpoints.XXXXX.appspot.com:2017-08-27r3
Service Configuration [2017-08-27r3] uploaded for service [ganadero-api.endpoints.XXXXX.appspot.com]
To manage your API, go to: https://console.cloud.google.com/endpoints/api/ganadero-api.endpoints.XXXXX.appspot.com/overview?project=ganadero-146707
Next, I use:
gcloud app deploy -v endpoint
Now, my endpoints is deploying and open for everybody. You can access them free. No security in them.
https:// XXXX /_ah/api/ganadero/v1/ganadero/documentos?idExplotacion=5668600916475904
