问题
We are using One Click Action Email Markup in our application. Our email has been white-listed the email id (XXX@YYY.com) from which we are sending the emails.
We are getting AppIdentityError: Wrong recipient, when we try to verify the Bearer Token. Complete stacktrace:
File "./app/components/happier_pages/py/lib/oauth2client/util.py", line 142, in positional_wrapper return wrapped(*args, **kwargs) File "./app/components/happier_pages/py/lib/oauth2client/client.py", line 1706, in verify_id_token return crypt.verify_signed_jwt_with_certs(id_token, certs, audience) File "./app/components/happier_pages/py/lib/oauth2client/crypt.py", line 170, in verify_signed_jwt_with_certs (aud, audience, json_body)) AppIdentityError: Wrong recipient, "domain.com" != "service-account-id" {"iss":"accounts.google.com","aud":"mydomain.com","sub":"1234556789","email_verified":true,"azp":"gmail@system.gserviceaccount.com","id":"123456789","verified_email":true,"email":"gmail@system.gserviceaccount.com","cid":"gmail@system.gserviceaccount.com","iat":123,"exp":123}
Below is code snippet for verifying bearer token:
GMAIL_ISSUEE = 'gmail@system.gserviceaccount.com'
GOOGLE_API_CLIENT_SERVICE_ID = 'xxxxx@developer.gserviceaccount.com'
BEARER_TOKEN=self.request.headers["Authorization"].split('Bearer ')[1]
token = client.verify_id_token(BEARER_TOKEN.strip(), GOOGLE_API_CLIENT_SERVICE_ID)
The above code is extracted from https://developers.google.com/gmail/markup/actions/verifying-bearer-tokens:
回答1:
@Sagar has confirmed this has worked.
Instead of:
client.verify_id_token(BEARER_TOKEN, GOOGLE_API_CLIENT_SERVICE_ID)
Use the sender domain as the intended audience:
client.verify_id_token(BEARER_TOKEN, "yourdomain.com")
来源:https://stackoverflow.com/questions/32270999/appidentityerror-wrong-recipient-while-verifying-bearer-token