[英]Google App Engine App - authenticate to Google Admin Directory API
I'm trying to access the Google Admin Directory API to create new Google Groups, from inside a Java app that runs on App Engine. 我正在尝试从在App Engine上运行的Java应用程序内部访问Google Admin Directory API以创建新的Google网上论坛。 I'm using the following dependencies:
我正在使用以下依赖项:
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<version>1.25.0</version>
</dependency>
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client-appengine</artifactId>
<version>1.25.0</version>
</dependency>
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-admin-directory</artifactId>
<version>directory_v1-rev105-1.25.0</version>
</dependency>
I'm then trying to create a Google Group, like this: 然后,我尝试创建一个Google网上论坛,如下所示:
final List<String> SCOPES = Collections.singletonList(DirectoryScopes.ADMIN_DIRECTORY_GROUP);
AppIdentityCredential appCredential = new AppIdentityCredential(SCOPES);
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
Directory directory = new Directory.Builder(HTTP_TRANSPORT, JSON_FACTORY, getClientCredential())
.setApplicationName("Test")
.build();
com.google.api.services.admin.directory.model.Group group = new Group();
group.setEmail("test@test.com");
group.setName("test_group");
group.setDescription("test_group_desc");
Group googleGroup = directory.groups().insert(group).execute();
I get a 403
error and I think I need to authenticate in a different way. 我收到
403
错误,我认为我需要以其他方式进行身份验证。 I've looked at the following guide to using the Google API Client Library for Java on Google App Engine: 我查看了以下有关在Google App Engine上使用Java的Google API客户端库的指南:
https://developers.google.com/api-client-library/java/google-api-java-client/app-engine https://developers.google.com/api-client-library/java/google-api-java-client/app-engine
This provides a link to a guide on using OAuth 2.0 with the authorization code flow for Google App Engine applications 这提供了指向有关将OAuth 2.0与Google App Engine应用程序的授权代码流一起使用的指南的链接。
The guide gives the following example of how to create a GoogleAuthorizationCodeFlow
, however there is no explanation of what getClientCredential()
is or what I should do in that routine: 该指南提供了以下示例,说明如何创建
GoogleAuthorizationCodeFlow
,但是没有解释什么getClientCredential()
或我应该在该例程中做什么:
return new GoogleAuthorizationCodeFlow.Builder(HTTP_TRANSPORT, JSON_FACTORY,
getClientCredential(), Collections.singleton(CalendarScopes.CALENDAR)).setDataStoreFactory(
DATA_STORE_FACTORY).setAccessType("offline").build();
This section on using the App Engine Identity API looks promising, however there's no explanation of how this could be used with the Google Admin Directory API client library: 有关使用App Engine身份API的这一部分看起来很有希望,但是没有说明如何将其与Google Admin Directory API客户端库一起使用:
https://cloud.google.com/appengine/docs/standard/java/appidentity/#asserting_identity_to_google_apis https://cloud.google.com/appengine/docs/standard/java/appidentity/#asserting_identity_to_google_apis
What do I need to do to authenticate from an app that runs on App Engine? 我需要怎么做才能从在App Engine上运行的应用程序进行身份验证?
I recommend you check the java quickstart sample for Google Admin SDK Directory API. 建议您检查Java快速入门示例以获取Google Admin SDK Directory API。
For example there is a getCredentials
method which you can use instead of getClientCredential
例如,有一个
getCredentials
方法可以代替getClientCredential
/**
* Creates an authorized Credential object.
* @param HTTP_TRANSPORT The network HTTP Transport.
* @return An authorized Credential object.
* @throws IOException If the credentials.json file cannot be found.
*/
private static Credential getCredentials(final NetHttpTransport HTTP_TRANSPORT) throws IOException {
// Load client secrets.
InputStream in = AdminSDKDirectoryQuickstart.class.getResourceAsStream(CREDENTIALS_FILE_PATH);
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(new FileDataStoreFactory(new java.io.File(TOKENS_DIRECTORY_PATH)))
.setAccessType("offline")
.build();
LocalServerReceiver receiver = new LocalServerReceiver.Builder().setPort(8888).build();
return new AuthorizationCodeInstalledApp(flow, receiver).authorize("user");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.