服务器端google授权
[英]Server-side google authorization
问题描述
I need to use the google calendar service so I need to default account for the server to use
我需要使用谷歌日历服务,所以我需要为服务器使用默认帐户
This tutorial shows how to provide end-user authorization using google本教程展示了如何使用 google 提供最终用户授权
https://developers.google.com/calendar/quickstart/dotnet https://developers.google.com/calendar/quickstart/dotnet
but I don't need user authorization, rather an authorization token from my account that is going to use google calendar.但我不需要用户授权,而是需要来自我的帐户的授权令牌,它将使用谷歌日历。
I can't find any information about it.我找不到任何关于它的信息。
They're using GoogleWebAuthorizationBroker class and its description says:他们正在使用 GoogleWebAuthorizationBroker class ,它的描述说:
"This class is only suitable for client-side use"
So which class use to server-side use?那么哪个 class 用于服务器端使用?
1 个解决方案
解决方案1
2 已采纳 2021-02-18 15:01:14
What you are looking for is a service account.您正在寻找的是服务帐户。 Service accounts are like dummy users.服务帐户就像虚拟用户。 Using gsuite your gsuite admin can setup up domain wide delegation to the service account allowing it to access the calendar on the domain.使用 gsuite,您的 gsuite 管理员可以为服务帐户设置域范围的委派,允许它访问域上的日历。 Once the service account has been granted access you wont need any authorization.一旦服务帐户被授予访问权限,您将不需要任何授权。 Its all automated server side.它的所有自动化服务器端。
public static class ServiceAccountExample
{
/// <summary>
/// Authenticating to Google using a Service account
/// Documentation: https://developers.google.com/accounts/docs/OAuth2#serviceaccount
/// </summary>
/// <param name="serviceAccountEmail">From Google Developer console https://console.developers.google.com</param>
/// <param name="serviceAccountCredentialFilePath">Location of the .p12 or Json Service account key file downloaded from Google Developer console https://console.developers.google.com</param>
/// <returns>AnalyticsService used to make requests against the Analytics API</returns>
public static CalendarService AuthenticateServiceAccount(string serviceAccountEmail, string serviceAccountCredentialFilePath, string[] scopes)
{
try
{
if (string.IsNullOrEmpty(serviceAccountCredentialFilePath))
throw new Exception("Path to the service account credentials file is required.");
if (!File.Exists(serviceAccountCredentialFilePath))
throw new Exception("The service account credentials file does not exist at: " + serviceAccountCredentialFilePath);
if (string.IsNullOrEmpty(serviceAccountEmail))
throw new Exception("ServiceAccountEmail is required.");
// For Json file
if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".json")
{
GoogleCredential credential;
using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential.FromStream(stream)
.CreateScoped(scopes);
}
// Create the Analytics service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Service account Authentication Sample",
});
}
else if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".p12")
{ // If its a P12 file
var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes
}.FromCertificate(certificate));
// Create the Calendar service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Authentication Sample",
});
}
else
{
throw new Exception("Unsupported Service accounts credentials.");
}
}
catch (Exception ex)
{
throw new Exception("CreateServiceAccountCalendarFailed", ex);
}
}
}
Code ripped from ServiceAccount.cs从ServiceAccount.cs中提取的代码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.