Authenticating PubSub Push messages in AppEngine

2019-04-16 04:38发布

站内问答 / 移动开发
1535 1 4

Is there a way to know for sure that a message received by app engine is from the Google PubSub service? Currently the PubSub service gets a 302 on the URLs configured as "login: admin" in appengine app.yaml. So it keeps retrying.

I would have expected this to behave like the Tasks in Appengine and automatically authenticate to "login:admin" URLs.

1条回答
走好不送
2楼-- · 2019-04-16 05:07

The FAQ recommends that when setting up your PubSub push subscription you put a shared secret token as a request parameter which you check for in your handler.

If you additionally would like to verify that the messages originated from Google Cloud Pub/Sub, you could configure your endpoint to only accept messages that are accompanied by a secret token argument, for example,

https://myapp.mydomain.com/myhandler?token=application-secret.

Since PubSub does not use appengine authentication and we are using the token to authenticate you should not specify a login key in your app.yaml entry for this handler. Here's an example:

main.py

class Handler(webapp2.RequestHandler):

    def post(self):
        token = self.request.params['token']

        if token != 'foo':
            self.abort(401, 'Not authorized')

        # do stuff


app = webapp2.WSGIApplication([
    ('/', Handler),
], debug=True)

app.yaml

runtime: python27
api_version: 1
threadsafe: true

handlers:
- url: /.*
  script: main.app
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)