[英]OAuth2 token, message: '{ “error” : “access_denied” }' returned when I try to update Google Calendar using OAuth (Service Account)
I am using Google Standard Library for PHP for using Calendar Service and I have set up a Service Account type for OAuth 2.0 Authentication through Google API Console.我正在使用适用于 PHP 的 Google 标准库来使用日历服务,并且我已经通过 Google API 控制台为 OAuth 2.0 身份验证设置了服务帐户类型。
My main objective is to update the user's google calendar (eg: user@organisationname.com) (when user is not online) through a batch.我的主要目标是通过批处理更新用户的谷歌日历(例如:user@organisationname.com)(当用户不在线时)。 Eg.
例如。 updating an event in the users calendar.
更新用户日历中的事件。
When the user logs in the application (using OAuth2.0) he/she will provide permission for the application to "Manage your calendars","View your calendars" and to "Perform these operations when I'm not using the application"当用户登录应用程序(使用 OAuth2.0)时,他/她将为应用程序提供“管理您的日历”、“查看您的日历”和“在我不使用应用程序时执行这些操作”的权限
Following code is used to login using OAuth2.0以下代码用于使用OAuth2.0登录
<?php
require_once '../../src/Google_Client.php';
require_once '../../src/contrib/Google_CalendarService.php';
session_start();
$client = new Google_Client();
$client->setApplicationName("Google Calendar PHP Starter Application");
$client->setClientId('XXXXX-flue2a9o5ll602ovrhaejlpm9otgjh1r.apps.googleusercontent.com');
$client->setClientSecret('XXXXXXXXXX');
$client->setRedirectUri('http://localhost/testAPI/google-api-php-client/examples/calendar/simple.php');
$client->setDeveloperKey('AIzaSyCGvXRXGMo58ZDswyb4zBkJgRMLcHBRIrI');
$cal = new Google_CalendarService($client);
if (isset($_GET['logout'])) {
unset($_SESSION['token']);
}
if (isset($_GET['code'])) {
$client->authenticate($_GET['code']);
$_SESSION['code']=$_GET['code'];
$_SESSION['token'] = $client->getAccessToken();
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}
if (isset($_SESSION['token'])) {
$client->setAccessToken($_SESSION['token']);
}
if ($client->getAccessToken()) {
$calList = $cal->calendarList->listCalendarList();
print "<h1>Calendar List</h1><pre>" . print_r($calList, true) . "</pre>";
echo $_SESSION['code'];
$_SESSION['token'] = $client->getAccessToken();
} else {
$authUrl = $client->createAuthUrl();
print "<a class='login' href='$authUrl'>Connect Me!</a>";
}
?>
Once I get permissions do I have to save something to use these permissions in future when the user is not logged in?获得权限后,我是否必须保存一些内容以便将来在用户未登录时使用这些权限?
Following code works fine when user is logged in. But returns Error refreshing the OAuth2 token, message: '{ "error" : "access_denied" }' when user is logged out以下代码在用户登录时工作正常。但在用户注销时返回错误刷新 OAuth2 令牌,消息:'{ "error" : "access_denied" }'
<?php
require_once '../src/Google_Client.php';
require_once '../src/contrib/Google_CalendarService.php';
session_start();
const CLIENT_ID = 'XXXXXX.apps.googleusercontent.com';
const SERVICE_ACCOUNT_NAME = 'XXXX@developer.gserviceaccount.com';
const KEY_FILE = 'f183b8caXXXXXXXXatekey.p12';
$client = new Google_Client();
$client->setApplicationName("XXXXXXXX Calendar Service");
if (isset($_SESSION['token'])) {
$client->setAccessToken($_SESSION['token']);
}
$key = file_get_contents(KEY_FILE);
$client->setClientId(CLIENT_ID);
$client->setAssertionCredentials(new Google_AssertionCredentials(
SERVICE_ACCOUNT_NAME,
array('https://www.googleapis.com/auth/calendar'),
$key,
'notasecret',
'http://oauth.net/grant_type/jwt/1.0/bearer',
'363183053@developer.gserviceaccount.com')
);
$client->setClientId(CLIENT_ID);
$cal = new Google_CalendarService($client);
try{
$cal->events->quickAdd("info@organisationname.com", "SERVICE TEST ");
}catch(Exception $e){
print_r($e->getMessage());
}
// We're not done yet. Remember to update the cached access token.
// Remember to replace $_SESSION with a real database or memcached.
if ($client->getAccessToken()) {
echo $_SESSION['token'] = $client->getAccessToken();
}
What should I do in order to update calendar when user is not logged in (provided user has given permission).当用户未登录时,我应该怎么做才能更新日历(如果用户已授予权限)。 Should I save the Access Code when user is logged in and use it later when I want to run the batch?
我是否应该在用户登录时保存访问代码,然后在我想运行批处理时使用它?
BTW What is association handle? BTW 什么是关联句柄?
In fact you do not need to share the calendar with the service account.事实上,您不需要与服务帐户共享日历。 What needs to happen is to Delegate domain-wide authority to your service account.
需要做的是将域范围的权限委派给您的服务帐户。
The service account that you created now needs to be granted access to the Google Apps domain's user data that you want to access.您现在创建的服务帐户需要被授予访问您要访问的 Google Apps 域的用户数据的权限。
The following tasks have to be performed by an administrator of the Google Apps domain: 1. Go to your Google Apps domain's control panel.以下任务必须由 Google Apps 域的管理员执行: 1. 转到您的 Google Apps 域的控制台。 The URL should look like: https://www.google.com/a/cpanel/mydomain.com
URL 应如下所示: https : //www.google.com/a/cpanel/mydomain.com
Go to Advanced tools... > Manage third party OAuth Client access.转至高级工具... > 管理第三方 OAuth 客户端访问。
In the Client name field enter the service account's Client ID.在客户名称字段中输入服务帐户的客户 ID。
In the One or More API Scopes field enter the list of scopes that your application should be granted access to.在一个或多个 API 范围字段中,输入您的应用程序应被授予访问权限的范围列表。 For example if you need domain-wide readonly access to the Google Calendar API enter: https://www.googleapis.com/auth/calendar.readonly
例如,如果您需要对 Google Calendar API 进行域范围的只读访问,请输入: https : //www.googleapis.com/auth/calendar.readonly
Click the Authorize button.单击授权按钮。
You Getting the Error because of your Scopes not mentioned properly.由于未正确提及您的范围,您收到错误。 In Google OAuth 2.0 Scope defined :
在 Google OAuth 2.0 Scope 中定义:
Indicates the Google API access your application is requesting .
表示您的应用程序请求的 Google API 访问。 The values passed in this parameter inform the consent page shown to the user.
此参数中传递的值通知向用户显示的同意页面。 There is an inverse relationship between the number of permissions requested and the likelihood of obtaining user consent.
请求的权限数量与获得用户同意的可能性之间存在反比关系。
space delimited set of permissions the application requests
应用程序请求的以空格分隔的权限集
To Resolve the issue you have to first Change the Scope Parameters要解决此问题,您必须首先更改范围参数
Include Calender Scope in it在其中包括日历范围
Then Get the Access Token and then try to change the things然后获取访问令牌,然后尝试更改内容
Then do changes accordingly to requirements and steps provided in API Documentation然后根据 API 文档中提供的要求和步骤进行相应的更改
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.