Validate Google OAuth 2 access token in Ruby with googleauth gem

Question

I have a front end React app that consumes data from a Rails 7 API. The app uses Sign in with Google. On each request to the API, it includes the access token received from Google in the Authorization header and that's the point where I'm stuck. I want to validate the token in a before_action in my Rails controllers. All signs indicate that the googleauth gem is the way to do this, but I can't figure out how to do it and docs are minimal. So far I have this code:

```ruby
def validate_access_token
  access_token = request.headers['Authorization']&.gsub(/bearer /i, '')
  key_source = Google::Auth::IDTokens::HttpKeySource.new('https://www.googleapis.com/oauth2/v3/certs')
  verifier = Google::Auth::IDTokens::Verifier.new(key_source:)
  verifier.verify(access_token)
rescue Google::Auth::IDTokens::VerificationError => e
  # Handle error and return unauthorized response
end
```

I have tested this on several tokens I know are valid and it has raised signature errors, saying the token can't be verified as issued by Google. It's possible I'm using the wrong key source but I don't know what other one to use because, again, docs for Ruby are nonexistent.

I'm using version 1.3.0 of the googleauth gem. I've also tried using Faraday to contact Google's tokeninfo endpoint and gotten similar results. I don't know why it's saying my tokens are invalid when I just got them directly from Google.

Answer 1

Score: 0

Did you provide any value for key_source when initializing Google::Auth::IDTokens::Verifier?

Try:

```ruby
verifier = Google::Auth::IDTokens::Verifier.new(key_source: Google::Auth::IDTokens::JwkVerifier::DEFAULT_CERT_URI)
verifier.verify(token)
```

Answer 2

Score: 0

I realised that somehow I was using the wrong key to verify the access token, so further investigation led me to this blog post: https://mpierrax.medium.com/firebase-authentification-with-ruby-on-rails-backend-a9f7afc4d715

The solution here was to make sure I was using the correct key value and, once I was doing that, use Faraday (any HTTP client would work) to contact the validation API endpoint directly.

Answer 3

Score: 0

googleauth gem v1.5.2

```ruby
key_source = Google::Auth::IDTokens::JwkHttpKeySource.new(Google::Auth::IDTokens::OAUTH2_V3_CERTS_URL)
verifier = Google::Auth::IDTokens::Verifier.new(key_source: key_source)
verifier.verify(token)
```
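Added example (not code from the question, the answers or the googleauth gem) showing what the gem's JwkHttpKeySource and Verifier do under the hood, using only Ruby's stdlib so it runs offline: turn a JWKS entry into an RSA public key, pick the key by `kid`, check the RS256 signature, then check `iss`, `aud` (your own OAuth client ID) and `exp`. The key pair, `kid`, client ID and claims are constructed demo values; in the app itself the gem's `Google::Auth::IDTokens.verify_oidc(token, aud: client_id)` performs the same steps against Google's published certs.

```ruby
require 'openssl'
require 'json'
# base64url (RFC 7515 section 2) via stdlib pack/unpack, so the base64 gem is not needed
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end
def b64url_decode(str)
  s = str.tr('-_', '+/')
  (s + '=' * (-s.length % 4)).unpack1('m0')
end

# One RSA JWK entry ({"kty"=>"RSA","n"=>..,"e"=>..}) to an OpenSSL key, as JwkHttpKeySource does per certs entry
def rsa_key_from_jwk(jwk)
  n = OpenSSL::BN.new(b64url_decode(jwk['n']), 2)
  e = OpenSSL::BN.new(b64url_decode(jwk['e']), 2)
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(n), OpenSSL::ASN1::Integer(e)]).to_der)
end

# Verify an RS256 ID token against a JWKS hash, then check the claims an OIDC
# verifier must check: issuer, audience (your own OAuth client ID) and expiry.
def verify_id_token(token, jwks, aud:, iss: 'https://accounts.google.com', now: Time.now.to_i)
  h64, p64, s64 = token.to_s.split('.')
  raise 'not a JWT (an opaque OAuth access token is not one)' unless s64
  header = JSON.parse(b64url_decode(h64))
  raise 'unsupported alg' unless header['alg'] == 'RS256'
  jwk = jwks['keys'].find { |k| k['kid'] == header['kid'] }
  # an empty key set (what the abstract HttpKeySource yields) is rejected here
  raise 'not verified as issued by Google: no key matches kid' unless jwk
  raise 'signature mismatch' unless rsa_key_from_jwk(jwk).verify('SHA256', b64url_decode(s64), "#{h64}.#{p64}")
  claims = JSON.parse(b64url_decode(p64))
  raise 'wrong issuer' unless claims['iss'] == iss
  raise 'wrong audience' unless claims['aud'] == aud
  raise 'expired' unless claims['exp'].to_i > now
  claims
end
# Constructed demo material: a locally generated key pair stands in for Google's signing key.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
DEMO_KID = 'demo-kid-1'
DEMO_AUD = 'demo-client-id.apps.googleusercontent.com'

def demo_jwks
  { 'keys' => [{ 'kty' => 'RSA', 'alg' => 'RS256', 'use' => 'sig', 'kid' => DEMO_KID,
                 'n' => b64url_encode(DEMO_KEY.n.to_s(2)), 'e' => b64url_encode(DEMO_KEY.e.to_s(2)) }] }
end
# Mint a token the way Google would, signed with the demo private key.
def mint_token(claims)
  header = b64url_encode(JSON.generate({ 'alg' => 'RS256', 'kid' => DEMO_KID, 'typ' => 'JWT' }))
  payload = b64url_encode(JSON.generate(claims))
  "#{header}.#{payload}.#{b64url_encode(DEMO_KEY.sign('SHA256', "#{header}.#{payload}"))}"
end
```

This verifies ID tokens (JWTs) only; Google's OAuth access tokens are opaque strings with no signature to check, which is what the tokeninfo endpoint mentioned in the question is for.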

huangapple
  • Posted on March 8, 2023 at 18:57:50
  • Please keep this link when reposting: https://go.coder-hub.com/75672131.html