使用API对Google云端硬盘文件和服务帐户的所有权
[英]Ownership of Google Drive files and Service Account using API
问题描述
Do Service Accounts created in the Developers Console for a specific apps user (eg user@mydomain.com ) have access to the app user's documents? 
在开发人员控制台中为特定应用程序用户(例如, user@mydomain.com )创建的服务帐户是否可以访问该应用程序用户的文档? If I set the account in the AssertionCredentials() like this: 如果我在设定的帐户AssertionCredentials()是这样的:
$credentials = new Google_Auth_AssertionCredentials(...);
$credentials->sub = "user@mydomain.com";
I receive the following error: 我收到以下错误:
PHP Fatal error:
Uncaught exception 'Google_Auth_Exception' with message
'Error refreshing the OAuth2 token, message:'{
"error" : "unauthorized_client",
"error_description" : "Unauthorized client or scope in request."
}
When I don't set $credentials->sub = "user@mydomain.com" I am able to access the drive but I only see the one document " How to get started with Drive ". 当我不设置$credentials->sub = "user@mydomain.com"我可以访问该驱动器,但仅看到一个文档“ How to $credentials->sub = "user@mydomain.com" Drive ”。
If I create the document on the Service Account, is there any way to transfer ownership of the document to my apps account without enabling domain wide delegation? 如果我在服务帐户上创建文档,是否可以在不启用域范围委派的情况下将文档所有权转移到我的应用程序帐户?
2 个解决方案
解决方案1
0 已采纳 2015-07-23 21:39:22
Service Accounts are essentially their own accounts when it comes to Drive REST API, however this behavior appears inconsistent with the Google Calendar API where the Service Account can impersonate the owner accounts without domain-wide delegation. 当涉及Drive REST API时,服务帐户本质上是他们自己的帐户,但是,此行为似乎与Google Calendar API不一致,在此情况下,服务帐户可以模拟所有者帐户而无需在域范围内进行委派。 If you share any document with the Service Account email address provided in the Developers Console that document becomes accessible to the Service Account, however ownership transfer is not possible because the two accounts don't exist on the same domain. 如果您与开发人员控制台中提供的服务帐户电子邮件地址共享任何文档,则该服务帐户可以访问该文档,但是由于这两个帐户不在同一域中,因此无法进行所有权转移。
解决方案2
-1 2015-07-23 19:21:36
Do Service Accounts created in the Developer's Console for a specific apps user (eg user@mydomain.com) have access to the app user's documents? 在开发人员控制台中为特定应用程序用户(例如,user @ mydomain.com)创建的服务帐户是否可以访问该应用程序用户的文档?
No 没有
I am able to access the drive but I only see the one document "How to get started with Drive". 我可以访问该驱动器,但只能看到一个文档“如何开始使用驱动器”。
What did you expect? 您期望什么? You've created a new account so it has a single welcome file. 您已经创建了一个新帐户,因此只有一个欢迎文件。
If I create the document on the Service Account, is there any way to transfer ownership of the document to my apps account without enabling domain wide delegation? 如果我在服务帐户上创建文档,是否可以在不启用域范围委派的情况下将文档所有权转移到我的应用程序帐户?
Are you sure you've understood what a Service Account is? 您确定您了解服务帐户是什么吗? If you want the files in your account, then use a token for your account and stop using an intermediate Service Account. 如果您要在帐户中使用文件,请为您的帐户使用令牌,然后停止使用中间服务帐户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.