Google Coordinate OAuth2 with Service Account
I have a C# console application with the Google Coordinate .Net library and Service Account open authentication.

    private const string SERVICE_ACCOUNT_EMAIL = "XXX@developer.gserviceaccount.com";
    private const string SERVICE_ACCOUNT_PKCS12_FILE_PATH = @"<path-to-private-key-file>\YYY-privatekey.p12";
    private const string GOOGLE_COORDINATE_TEAM_ID = "ZZZ";

    private CoordinateService BuildService()
    {
        X509Certificate2 certificate = new X509Certificate2(SERVICE_ACCOUNT_PKCS12_FILE_PATH, "notasecret", X509KeyStorageFlags.Exportable);

        var provider = new AssertionFlowClient(GoogleAuthenticationServer.Description, certificate){
            ServiceAccountId = SERVICE_ACCOUNT_EMAIL,
            Scope = CoordinateService.Scopes.Coordinate.GetStringValue()
        };
        var auth = new OAuth2Authenticator<AssertionFlowClient>(provider, AssertionFlowClient.GetState);

        return new CoordinateService(new BaseClientService.Initializer(){
            Authenticator = auth
        });
    }

    //some code that retrieves data from coordinate service
    public void DoSomething()
    {
        CoordinateService service = BuildService();
        var response = service.Jobs.List(GOOGLE_COORDINATE_TEAM_ID).Fetch();
        ...
    }

On retrieving the list of jobs from the Coordinate service, a DotNetOpenAuth.Messaging.ProtocolException occurred (inner exception "The remote server returned an error: (400) Bad Request"). Using Fiddler I managed to see the response from the Google OAuth service. JSON response object:

    {
        "error" : "invalid_grant"
    }

I have read some articles that suggest changing the local server time to match the Google OAuth server time. But after changing the time in one direction and the other, the problem remains the same. Could you please give me some ideas why this is happening? Thanks for all responses!

Service accounts cannot be used with the Coordinate API. [This is because the Coordinate API requires authenticated API users to have a Coordinate license, but it is not possible to attach a Coordinate license to a service account.]

You can use the web server flow instead; please find the sample below.

Make sure to update the code below, where there are comments containing "TO UPDATE".

    using System;
    using System.Diagnostics;
    using System.Collections.Generic;
    using DotNetOpenAuth.OAuth2;
    using Google.Apis.Authentication.OAuth2;
    using Google.Apis.Authentication.OAuth2.DotNetOpenAuth;
    using Google.Apis.Coordinate.v1;
    using Google.Apis.Coordinate.v1.Data;

    namespace Google.Apis.Samples.CoordinateOAuth2
    {
        /// <summary>
        /// This sample demonstrates the simplest use case for an OAuth2 service.
        /// The schema provided here can be applied to every request requiring authentication.
        /// </summary>
        public class ProgramWebServer
        {
            public static void Main (string[] args)
            {
                // TO UPDATE, can be found in the Coordinate application URL
                String TEAM_ID = "jskdQ--xKjFiFqLO-IpIlg";

                // Register the authenticator.
                var provider = new WebServerClient (GoogleAuthenticationServer.Description);
                // TO UPDATE, can be found in the APIs Console.
                provider.ClientIdentifier = "335858260352.apps.googleusercontent.com";
                // TO UPDATE, can be found in the APIs Console.
                provider.ClientSecret = "yAMx-sR[truncated]fX9ghtPRI";
                var auth = new OAuth2Authenticator<WebServerClient> (provider, GetAuthorization);

                // Create the service.
                var service = new CoordinateService(new BaseClientService.Initializer()
                {
                    Authenticator = auth
                });

                //Create a Job Resource for optional parameters https://developers.google.com/coordinate/v1/jobs#resource
                Job jobBody = new Job ();
                jobBody.Kind = "Coordinate#job";
                jobBody.State = new JobState ();
                jobBody.State.Kind = "coordinate#jobState";
                jobBody.State.Assignee = "user@example.com";

                //Create the Job
                JobsResource.InsertRequest ins = service.Jobs.Insert (jobBody, TEAM_ID, "My Home", "51", "0", "Created this Job with the .Net Client Library");
                Job results = ins.Fetch ();

                //Display the response
                Console.WriteLine ("Job ID:");
                Console.WriteLine (results.Id.ToString ());
                Console.WriteLine ("Press any Key to Continue");
                Console.ReadKey ();
            }

            private static IAuthorizationState GetAuthorization (WebServerClient client)
            {
                IAuthorizationState state = new AuthorizationState (new[] { "https://www.googleapis.com/auth/coordinate" });
                // The refresh token has already been retrieved offline
                // In a real-world application, this has to be stored securely, since this token
                // gives access to all user data on the Coordinate scope, for the user who accepted the OAuth2 flow
                // TO UPDATE (see below the sample for instructions)
                state.RefreshToken = "1/0KuRg-fh9yO[truncated]yNVQcXcVYlfXg";
                return state;
            }
        }
    }

A refresh token can be retrieved by using the OAuth2 Playground:
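
Added example, not part of the original answer or of Google's sample: the refresh-token exchange that the web server flow relies on, with the client secret and refresh token read from environment variables instead of being compiled into the program, and the token endpoint's error code (such as the invalid_grant from the question) surfaced to the caller. The class name and the COORDINATE_* variable names are assumptions, and it uses plain HttpClient and System.Text.Json rather than the DotNetOpenAuth classes in the sample.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

public static class RefreshTokenGrant
{
    // Google's OAuth 2.0 token endpoint.
    const string TokenEndpoint = "https://oauth2.googleapis.com/token";

    // Secrets come from the environment (variable names are assumptions), never from source.
    static string Secret(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException(name + " is not set");

    // Form body of a refresh-token grant (RFC 6749, section 6).
    public static Dictionary<string, string> BuildForm(string id, string secret, string refresh) =>
        new Dictionary<string, string>
        {
            ["grant_type"] = "refresh_token",
            ["client_id"] = id,
            ["client_secret"] = secret,
            ["refresh_token"] = refresh,
        };

    // Returns the access token, or throws with the OAuth error code (e.g. invalid_grant).
    public static string ParseResponse(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.TryGetProperty("error", out var err))
            throw new InvalidOperationException("token endpoint refused the grant: " + err.GetString());
        return root.GetProperty("access_token").GetString();
    }

    public static async Task Main()
    {
        // Constructed sample: the error body shown in the question.
        try { ParseResponse("{ \"error\" : \"invalid_grant\" }"); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }

        // The live exchange runs only when the secrets are configured.
        if (Environment.GetEnvironmentVariable("COORDINATE_REFRESH_TOKEN") == null) return;
        var form = BuildForm(Secret("COORDINATE_CLIENT_ID"), Secret("COORDINATE_CLIENT_SECRET"),
                             Secret("COORDINATE_REFRESH_TOKEN"));
        using var http = new HttpClient();
        var resp = await http.PostAsync(TokenEndpoint, new FormUrlEncodedContent(form));
        var token = ParseResponse(await resp.Content.ReadAsStringAsync());
        Console.WriteLine("access token received, length " + token.Length); // never log the token itself
    }
}
```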