
google-api-php-client: Invalid client secret JSON file

Seems that the latest version of the google-api-php-client for PHP doesn't line up with the docs @ https://developers.google.com/drive/web/examples/php

Looking at the src code I'm seeing that it's looking for keys in the downloaded JSON that the setAuthConfigFile() method can't find: client_secret, installed, web, redirect_uris (others?) are not present in the downloaded JSON. Only private_key_id, private_key, client_email, client_id, and type are present.

The code and docs seem really disorganized and out of sync... wouldn't be the first for Google. Has anyone gotten OAuth working recently using that library?

There is a difference between a "service account" and a "web application" to make calls to the API. When you create a "service account" you will get the file described above, a JSON file with private_key, client_email, client_id etc.

When you create a web application you will be given a client_id, client_secret, redirect_uri etc.

I would suggest reading these pages to choose which key and login you need (on both pages you find examples to integrate it in PHP):

You can use the Google APIs Client Library for PHP to create web server applications that use OAuth 2.0 authorization to access Google APIs. OAuth 2.0 allows users to share specific data with an application while keeping their usernames, passwords, and other information private. For example, a web application can use OAuth 2.0 to obtain permission from users to store files in their Google Drives.

https://developers.google.com/api-client-library/php/auth/web-app

Typically, an application uses a service account when the application uses Google APIs to work with its own data rather than a user's data. For example, an application that uses Google Cloud Datastore for data persistence would use a service account to authenticate its calls to the Google Cloud Datastore API.

https://developers.google.com/api-client-library/php/auth/service-accounts
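
The difference between the two file layouts can be checked before a file is handed to the library. This is an added example, not part of the original answers or of google-api-php-client: the function name classifyGoogleCredentials and the sample documents are constructed, and the key names are the ones listed in the question and answer above.

```php
<?php
// Added example: classify a Google credentials JSON document by the keys it
// contains and report which expected keys are missing.
// classifyGoogleCredentials() is a hypothetical helper, not a library function.

function classifyGoogleCredentials(string $json): array
{
    $data = json_decode($json, true);
    if (!is_array($data)) {
        return ['kind' => 'invalid', 'missing' => []];
    }

    // Service account key: a flat object with type == "service_account".
    if (($data['type'] ?? null) === 'service_account') {
        $required = ['private_key_id', 'private_key', 'client_email', 'client_id'];
        $missing = array_values(array_diff($required, array_keys($data)));
        return ['kind' => 'service_account', 'missing' => $missing];
    }

    // OAuth client ID file: the settings are nested under "web" or "installed".
    foreach (['web', 'installed'] as $wrapper) {
        if (isset($data[$wrapper]) && is_array($data[$wrapper])) {
            $required = ['client_id', 'client_secret', 'redirect_uris'];
            $missing = array_values(array_diff($required, array_keys($data[$wrapper])));
            return ['kind' => $wrapper, 'missing' => $missing];
        }
    }

    return ['kind' => 'unknown', 'missing' => []];
}

// Constructed sample documents; every value is a placeholder.
$samples = [
    'service account'       => '{"type":"service_account","private_key_id":"x",'
                             . '"private_key":"x","client_email":"x","client_id":"x"}',
    'web client'            => '{"web":{"client_id":"x","client_secret":"x",'
                             . '"redirect_uris":["https://app.example/callback"]}}',
    'installed, incomplete' => '{"installed":{"client_id":"x"}}',
];

foreach ($samples as $label => $json) {
    $r = classifyGoogleCredentials($json);
    printf("%-22s kind=%-16s missing=[%s]\n", $label, $r['kind'], implode(',', $r['missing']));
}
```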

There's a new function in the php library that gets close to this, but doesn't allow setting sub, so it always gives authorization failures. So, first update the php library function loadServiceAccountJson in src/Google/Client.php to this:

  public function loadServiceAccountJson($jsonLocation, $scopes)
  {
    $data = json_decode(file_get_contents($jsonLocation));
    if (isset($data->type) && $data->type == 'service_account') {
      // Service Account format.
      $cred = new Google_Auth_AssertionCredentials(
          $data->client_email,
          $scopes,
          $data->private_key,
          'notasecret',
          'http://oauth.net/grant_type/jwt/1.0/bearer',
          // User to impersonate, read from the added "sub" key; false when absent.
          isset($data->sub) ? $data->sub : false
      );
      return $cred;
    } else {
      throw new Google_Exception("Invalid service account JSON file.");
    }
  }

Then, add a value sub to the data in your server auth json file:

{
  "private_key_id": "removed",
  "private_key": "-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----\n",
  "client_email": "removed",
  "client_id": "removed",
  "redirect_uris":[your urls here],
  "type": "service_account",
  "sub": "valid.user@google.domain.com"
}

Now, obtain authorization:

$client = new Google_Client();
$credentials = $client->loadServiceAccountJson(
    'serverauth.json',
    "https://www.googleapis.com/auth/admin.directory.user.readonly"
);
$client->setAssertionCredentials($credentials);
// Request a token only when none is cached or the cached one has expired.
if ($client->getAuth()->isAccessTokenExpired()) {
    $client->getAuth()->refreshTokenWithAssertion();
}

Where serverauth.json is the JSON keyfile downloaded from the service account you want to use, and to which you added the sub line.

And lastly, create a Directory instance and query it:

$service = new Google_Service_Directory($client);
$optParams = array(
        'domain' => 'google.domain.com',
        'orderBy' => 'email',
        'viewType' => 'domain_public',
        'query' => "givenName:'Joe' familyName:'Schmoe Jr'"
);
$results = $service->users->listUsers($optParams);
$users = $results->getUsers();

print_r($users);

I understand your risk. You have a problem with the Google API. In the Google API console there are 3 kinds of JSON file: one is Web, the second is Service and the last is Installed. The choice you may need to use is Installed, because you will get Key, Installed or other..

1) "CREDENTIALS_PATH" should point to a nonexistent file (in a writable path)

2) "CLIENT_SECRET_PATH" should point to the "ID client OAuth 2.0" credential file, created and downloaded from the Google Console in the Api Credential section.

For a server side php script, like yours, pay attention when creating the "ID client OAuth 2.0" record: on the creation wizard, you should select "other" type of application and not the "web" type.

Regards
