Google OAuth 使用域范围的委派和服务帐户
[英]Google OAuth using domain wide delegation and service account
问题描述
I am trying to make google drive API calls using domain wide delegation by using a service account.
我正在尝试通过使用服务帐户使用域范围委派使谷歌驱动器 API 调用。 I can get the authentication working but not the drive api calls.我可以使身份验证正常工作,但不能使驱动器 api 调用。 Error: File not found when creating a file in drive错误:在驱动器中创建文件时找不到文件
Also before domain wide delegation I made it to work by sharing a drive folder with the service account.同样在域范围委派之前,我通过与服务帐户共享驱动器文件夹使其工作。 But now I want it to work without sharing.但现在我希望它在不共享的情况下工作。
I think i need to do some setServiceAccount stuff somewhere.我想我需要在某个地方做一些 setServiceAccount 的事情。 Not sure where that would happen.不知道会发生在哪里。
const {google} = require('googleapis');
const auth = new google.auth.JWT(
client_email, null,
privateKey, ['https://www.googleapis.com/auth/drive']
);
const drive = google.drive({version: "v3", auth});
//drive.files.create({});
1 个解决方案
解决方案1
1 已采纳 2020-05-21 10:57:05
Answer:回答:
You need to pass your Service Account private key obtained from the GCP console to your JWT Client, and specify which user you wish to impersonate as a subject .您需要将从 GCP 控制台获取的 Service Account 私钥传递给您的 JWT 客户端,并指定您希望模拟为subject的用户。
Code:代码:
After getting your private key, you need to pass this into your JWT Client before authorisation:获取您的私钥后,您需要在授权之前将其传递给您的 JWT 客户端:
let google = require('googleapis');
let privateKey = require("./privatekey.json");
var jwtClient = new google.auth.JWT({
email: privateKey.client_email,
key: privateKey.private_key,
scopes: ['https://www.googleapis.com/auth/drive'],
subject: 'user@domain.com'
});
jwtClient.authorize(function (error, tokens) {
if (error) {
console.log(error);
return;
}
else {
console.log("Successfully connected!");
}
});
Then you can do as you wish with the Drive API as the service account.然后,您可以使用 Drive API 作为服务帐户随心所欲地进行操作。
I hope this is helpful to you!我希望这对你有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.