我有以下规范:
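# [START swagger]
swagger: "2.0"
info:
  description: "A simple Google Cloud Endpoints API example."
  title: "Endpoints Example"
  version: "1.0.0"
# [END swagger]
# "<Hostname>" is a placeholder; set it to the host name this API is served from.
host: "<Hostname>"
basePath: "/"
consumes:
  - "application/json"
produces:
  - "application/json"
schemes:
  - "https"
paths:
  "/users/{latitude}/{longitude}":
    get:
      description: "List of users"
      operationId: "fetchusers"
      produces:
        - "application/json"
        - "application/xml"
        - "text/xml"
        - "text/html"
      parameters:
        - name: "latitude"
          in: "path"
          description: "Latitude component of location."
          required: true
          type: "number"
          format: "double"
        - name: "longitude"
          in: "path"
          description: "Longitude component of location."
          required: true
          type: "number"
          format: "double"
      responses:
        # Response codes are strings in Swagger 2.0; quote them so the parser
        # does not read them as integers.
        "200":
          description: "List of nearest users"
          schema:
            $ref: "#/definitions/users"
        default:
          description: "unexpected error"
          schema:
            $ref: "#/definitions/errorModel"
      # Operation-level security replaces the top-level "security" default
      # for this operation: only the "firebase" scheme is accepted here.
      security:
        - firebase: []
  "/users":
    get:
      description: "List of users"
      operationId: "fetchAllusers"
      produces:
        - "application/json"
      # NOTE(review): a GET operation with an "in: body" parameter is unusual
      # and is rejected by many Swagger 2.0 tools; confirm the intended method.
      parameters:
        - description: "users List"
          in: "body"
          name: "message"
          required: true
          schema:
            $ref: "#/definitions/echoMessage"
      responses:
        "200":
          description: "List of nearest users"
          schema:
            $ref: "#/definitions/users"
        default:
          description: "unexpected error"
          schema:
            $ref: "#/definitions/errorModel"
      security:
        - firebase: []
  "/users/search":
    post:
      description: "Search users"
      operationId: "searchusers"
      produces:
        - "application/json"
      responses:
        "200":
          description: "users List"
          schema:
            $ref: "#/definitions/echoMessage"
      parameters:
        - description: "Search Criteria"
          in: "body"
          name: "message"
          required: true
          schema:
            $ref: "#/definitions/echoMessage"
      security:
        - firebase: []
  "/auth/info/googlejwt":
    get:
      description: "Returns the requests' authentication information."
      operationId: "auth_info_google_jwt"
      produces:
        - "application/json"
      responses:
        "200":
          description: "Authentication info."
          schema:
            $ref: "#/definitions/authInfoResponse"
      security:
        - google_jwt: []
  "/auth/info/googleidtoken":
    get:
      description: "Returns the requests' authentication information."
      operationId: "authInfoGoogleIdToken"
      produces:
        - "application/json"
      responses:
        "200":
          description: "Authentication info."
          schema:
            $ref: "#/definitions/authInfoResponse"
      security:
        - google_id_token: []
definitions:
  # NOTE(review): "#/definitions/users" and "#/definitions/errorModel" are
  # referenced by the /users operations above but are not defined in this
  # document; the spec will not validate until they are added.
  echoMessage:
    properties:
      message:
        type: "string"
  authInfoResponse:
    properties:
      id:
        type: "string"
      email:
        type: "string"
# This top-level section is the default: every operation that does not declare
# its own "security" requires an API key. An operation-level "security" entry
# replaces this default for that operation; an empty list ("security: []")
# turns authentication off for that operation entirely.
security:
  - api_key: []
securityDefinitions:
  # Basic authentication with an API key passed in the "key" header.
  api_key:
    type: "apiKey"
    name: "key"
    in: "header"
  # Authentication using Google API Service Accounts to sign a JSON web token.
  # This is mostly used for server-to-server communication.
  google_jwt:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    # This must match the "iss" field in the JWT.
    x-google-issuer: "jwt-client.endpoints.sample.google.com"
    # Replace YOUR-SERVICE-ACCOUNT-EMAIL with your service account's email address.
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL"
    # This must match the "aud" field in the JWT. You can add multiple
    # audiences to accept JWTs from multiple clients.
    x-google-audiences: "echo.endpoints.sample.google.com"
  # Authentication using Google OAuth2 ID Tokens. ID Tokens can be obtained
  # using OAuth2 clients, and can be used to access your API on behalf of a
  # particular user.
  google_id_token:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://accounts.google.com"
    x-google-jwks_uri: "https://www.googleapis.com/oauth2/v3/certs"
    # Your OAuth2 client's Client ID must be added here. You can add
    # multiple client IDs to accept tokens from multiple clients.
    x-google-audiences: "YOUR-CLIENT-ID"
  # Authentication using Firebase ID tokens. Replace <PROJECT-ID> with your
  # Firebase project id in both the issuer and the audience.
  firebase:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://securetoken.google.com/<PROJECT-ID>"
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
    x-google-audiences: "<PROJECT-ID>"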
而且后续还会有更多服务。正如你所看到的,我已经给出了多种安全定义,并打算为不同的路径使用不同的安全定义。默认情况下,我想为所有路径启用 api_key,但又想为某些特定路径禁用这项安全要求,应如何实现?
最佳答案
即使您已经用 API key 限制了整个 API 的访问,也可以按照以下步骤为特定方法关闭 API key 验证:
- 在文本编辑器中打开项目的 openapi.yaml 文件。
- 在该方法的定义中添加一个空的 `security` 指令。操作级别的 `security` 会覆盖顶层的 `security` 设置,空列表表示该操作不要求任何认证(即完全公开):
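paths:
  "/echo":
    post:
      description: "Echo back a given message."
      operationId: "echo"
      # An empty list overrides the top-level "security" for this operation
      # only, so no API key (or any other scheme) is required here.
      security: []
      produces:
      # ... the rest of the operation is unchanged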
引用:https://cloud.google.com/endpoints/docs/openapi/restricting-api-access-with-api-keys
关于jsonschema - 开放 API 规范 JWT - 子路径没有安全性,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45162453/