Google Cloud OAuth 同意屏幕未反映(内部)应用程序 scope 的更改
[英]Google Cloud OAuth consent screen not reflecting changes to scope of (internal) app
问题描述
Background
背景
I initially set my Google Cloud application up with the full Google Drive scope ( ../auth/drive ) and tested the connection to my personal account (ie gave the app permission).我最初使用完整的 Google Drive scope ( ../auth/drive ) 设置我的 Google Cloud 应用程序并测试与我的个人帐户的连接(即授予应用程序权限)。 I am using PyDrive FYI.我正在使用PyDrive仅供参考。
I subsequently deleted the app from my personal account ( Disconnect from Drive ), removed the full scope in the OAuth consent screen settings and replaced it with just the ../auth/drive.file scope.我随后从我的个人帐户中删除了该应用程序(与驱动器断开连接),删除了OAuth 同意屏幕设置中的完整 scope,并将其替换为仅../auth/drive.file Z31A1FD140BE4BEF2D11E181EC9A1。
I then deleted the OAuth credentials and recreated them (and re-downloaded them to my machine), just to be on the safe side.然后我删除了 OAuth 凭据并重新创建它们(并将它们重新下载到我的机器上),只是为了安全起见。
Expected behaviour预期行为
When presented with the OAuth screen, I now expect the scope to reflect that the app only will have access to the files and folders it has created itself.当出现 OAuth 屏幕时,我现在希望 scope 反映该应用程序只能访问它自己创建的文件和文件夹。
Actual behaviour实际行为
The OAuth consent screen still tells me the app will have access to all files and folders in my Drive. OAuth 同意屏幕仍然告诉我该应用程序将有权访问我的云端硬盘中的所有文件和文件夹。
Code I am using to authenticate我用来验证的代码
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
...
gauth = GoogleAuth()
gauth.LoadCredentialsFile("app_user_secrets.json")
if gauth.credentials is None:
gauth.GetFlow()
gauth.flow.params.update({"access_type": "offline"})
gauth.flow.params.update({"approval_prompt": "force"})
gauth.LocalWebserverAuth()
elif gauth.access_token_expired:
gauth.Refresh()
else:
gauth.Authorize()
gauth.SaveCredentialsFile("app_user_secrets.json")
drive = GoogleDrive(gauth)
Any ideas why this is happening or how I can work around it?任何想法为什么会发生这种情况或我如何解决它?
1 个解决方案
解决方案1
0 2020-05-26 08:11:28
Turns out PyDrive sets its own OAuth scopes by default unless you overwrite them.结果PyDrive默认设置自己的 OAuth 范围,除非你覆盖它们。 The default is https://www.googleapis.com/auth/drive as outlined here: https://pythonhosted.org/PyDrive/oauth.html#automatic-and-custom-authentication-with-settings-yaml .默认值为https://www.googleapis.com/auth/drive ,如下所述: https://pythonhosted.org/PyDrive/oauth.html#automatic-and-custom-authentication-with-settings-yaml 。
I fixed and overrode this by editing my authentication flow and including the following line before the LocalWebserverAuth() command.我通过编辑身份验证流程并在LocalWebserverAuth()命令之前包含以下行来修复并覆盖此问题。
gauth.settings["oauth_scope"] = "https://www.googleapis.com/auth/drive.file"
Another alternative would have been to author my own settings.yaml file but I did not want to go down that route.另一种选择是编写我自己的settings.yaml文件,但我不想 go 沿着这条路线走。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.