1. 技术文章
  2. Anonymous caller does not have storage.objects.get

Anonymous caller does not have storage.objects.get

懵懂的女人 提交于 2020-03-01 04:18:02

问题


On Google App Engine (GAE) written in Python.

I am trying to issue an http post to cloud-speech-to-text api and using URI audio source (Google Cloud Storage Bucket Objects).

I am using the following headers;

Authorization: BASIC encoded_base64(username:password)

But I still keep getting an error response below:

{ "error": { "code": 403, "message": "Anonymous caller does not have storage.objects.get access to bucket_of_secrets/four_score_seven_years.flac.", "status": "PERMISSION_DENIED" } }

So I have a couple of questions;

  1. Does BASIC Authorization Header work in Google HTTP API?
  2. What username:password should I use? Is it my GCP account email and password? i.e. handsome_dude@gmail.com:deluded_fool

Where handsome_dude@gmail.com is the username and deluded_fool is the password.

I've tried setting the bucket objects to be public readable and of course the http call works... but I would rather avoid setting my bucket objects public readable.

Here's a sample Curl request:

curl -X POST 

https://speech.googleapis.com/v1/speech:longrunningrecognize?key=<secret_api_key> -d @sample.json -H "Content-Type: application/json, Authorization:  Basic base64encodedusername:password"

Here's a snippet in my python code using urlfetch:

url_post = urlfetch.fetch(url=speech_to_text_url_post, payload=json.dumps(data_to_post), method=urlfetch.POST, headers={"Content-Type" : "application/json", "Authorization" : "Basic "+encoded_user_password})

回答1:


1.Does BASIC Authorization Header work in Google HTTP API?

No, It is not working on Google APIs. You need to attach OAuth2.0 accessToken to Authorization Header as bearer token like Authorization: Bearer ${yourAccessToken}.

I have 2 recommendations to develop some application running on gae.

  1. Use ClientLibrary to call Google APIs.
  2. You can use AppEngineDefaultCredential to call Google APIs. Do not forget to set permissions to your AppEngineDefaultServiceAccount (${projectId}@appspot.gserviceaccount.com) before issue your request. You can configure those permissions on IAM page in cloud console.

Also I recommend you to read this page about How to authenticate your api call.



来源:https://stackoverflow.com/questions/56302658/anonymous-caller-does-not-have-storage-objects-get

标签
google-app-engine
google-cloud-platform
http-headers
google-cloud-storage
urlfetch
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!