Endpoints bug fix and updates (GoogleCloudPlatform#483)

Author: bshaffer

endpoints/getting-started/README.md

@@ -51,19 +51,33 @@ With the API key, you can use the echo client to access the API:
 
 ### Using the JWT client.
 
-The JWT client demonstrates how to use service accounts to authenticate to endpoints. To use the client, you'll need both an API key (as described in the echo client section) and a service account. To create a service account:
+The JWT client demonstrates how to use service accounts to authenticate to
+endpoints. To use the client, you'll need both an API key (as described in the
+echo client section) and a service account. To create a service account:
 
 1. Open the Credentials page of the API Manager in the [Cloud Console](https://console.cloud.google.com/apis/credentials).
 2. Click 'Create credentials'.
 3. Select 'Service account key'.
 4. In the 'Select service account' dropdown, select 'Create new service account'.
 5. Choose 'JSON' for the key type.
+6. Click on your newly created service account credentials and then click the
+   'Download JSON' button to download a json file with your credentials. You
+   will use this later.
 
 To use the service account for authentication:
 
-1. Update the `google_jwt`'s `x-google-jwks_uri` in `openapi.yaml` with your service account's email address.
+1. Update `YOUR-SERVICE-ACCOUNT-EMAIL` with your service account's email address
+   in `openapi.yaml` (if you're using GKE or GCE) or `openapi-appengine.yaml`
+   (if you're using App Engine Flex).
+
+        google_jwt:
+          # Update this with your service account's email address.
+          x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL"
+
 2. Redeploy your application.
 
+        gcloud app deploy
+
 Now you can use the JWT client to make requests to the API:
 
     $ php endpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY /path/to/service-account.json
@@ -76,16 +90,35 @@ The ID Token client demonstrates how to use user credentials to authenticate to
 2. Click 'Create credentials'.
 3. Select 'OAuth client ID'.
 4. Choose 'Other' for the application type.
+5. Click on your newly created client credentials and then click the 'Download JSON'
+   button to download a json file with your credentials. You will use this later.
 
 To use the client ID for authentication:
 
-1. Update `google_id_token: x-google-audiences` in `openapi.yaml` with your client ID.
+1. Update `YOUR-CLIENT-ID` in with your client ID in `openapi.yaml` (if you're
+   using GKE or GCE) or `openapi-appengine.yaml` (if you're using App Engine
+   Flex).
+
+        google_id_token:
+          # Your OAuth2 client's Client ID must be added here. You can add
+          # multiple client IDs to accept tokens from multiple clients.
+          x-google-jwks_uri: "YOUR-CLIENT-ID"
+
 2. Redeploy your application.
 
+        gcloud app deploy
+
 Now you can use the client ID to make requests to the API:
 
     $ php endpoints.php make-request https://YOUR-PROJECT-ID.appspot.com YOUR-API-KEY /path/to/client-secrets.json
 
+
+If you experience any issues, try running `gcloud endpoints configs describe` to
+debug the service:
+
+    gcloud endpoints configs describe YOUR-CONFIG-ID --service=YOUR-PROJECT-ID.appspot.com
+
+
 ## Viewing the Endpoints graphs
 
 By using Endpoints, you get access to several metrics that are displayed graphically in the Cloud Console.

endpoints/getting-started/app.php

@@ -28,6 +28,18 @@
 // create the Silex application
 $app = new Application();
 
+$app->get('/', function () use ($app) {
+    // Simple echo service.
+    $url = 'https://github.com/GoogleCloudPlatform/php-docs-samples/blob/master/endpoints/getting-started/README.md';
+
+    $welcome = sprintf(
+        'Welcome to the Endpoints getting started tutorial!' .
+        'Please see the README for instructions',
+        $url
+    );
+    return $welcome;
+});
+
 $app->post('/echo', function () use ($app) {
     // Simple echo service.
     $message = $app['request']->get('message');

endpoints/getting-started/app.yaml

@@ -1,12 +1,16 @@
 runtime: php
 env: flex
 
+runtime_config:
+  document_root: .
+
 endpoints_api_service:
   # The following values are to be replaced by information from the output of
   # 'gcloud service-management deploy openapi.yaml' command. If you have
   # previously run the deploy command, you can list your existing configuration
   # ids using the 'configs list' command as follows:
-  # 'gcloud service-management configs list --service=echo-api.endpoints.[PROJECT-ID].cloud.goog'
-  # where echo-api.endpoints.[PROJECT-ID].cloud.goog is your Endpoints service name.
+  #
+  #     gcloud endpoints configs list --service=YOUR-PROJECT-ID.appspot.com
+  #
   name: ENDPOINTS SERVICE NAME
   config_id: ENDPOINTS CONFIG ID

endpoints/getting-started/openapi.yaml

@@ -83,25 +83,25 @@ securityDefinitions:
   # to sign a json web token. This is mostly used for server-to-server
   # communication.
   google_jwt:
+    # Update this with your service account's email address.
+    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL"
     authorizationUrl: ""
     flow: "implicit"
     type: "oauth2"
     # This must match the 'iss' field in the JWT.
     x-google-issuer: "jwt-client.endpoints.sample.google.com"
-    # Update this with your service account's email address.
-    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL"
     # This must match the "aud" field in the JWT. You can add multiple
     # audiences to accept JWTs from multiple clients.
     x-google-audiences: "echo.endpoints.sample.google.com"
   # This section configures authentication using Google OAuth2 ID Tokens.
   # ID Tokens can be obtained using OAuth2 clients, and can be used to access
   # your API on behalf of a particular user.
   google_id_token:
+    # Your OAuth2 client's Client ID must be added here. You can add
+    # multiple client IDs to accept tokens from multiple clients.
+    x-google-audiences: "YOUR-CLIENT-ID"
     authorizationUrl: ""
     flow: "implicit"
     type: "oauth2"
     x-google-issuer: "https://accounts.google.com"
     x-google-jwks_uri: "https://www.googleapis.com/oauth2/v3/certs"
-    # Your OAuth2 client's Client ID must be added here. You can add
-    # multiple client IDs to accept tokens from multiple clients.
-    x-google-audiences: "YOUR-CLIENT-ID"