通过RESTful方法对Google API进行身份验证

Question

I need to post events that are parsed out of standardized e-mails to a shared google calendar automatically. Parsing the e-mails to create JSON objects I can do (and have done). But I've never actually used JSON—I don't know how to submit this to Google Calendar. I've read and re-read Google's documentation, but I don't clearly understand it. Primarily, I don't understand how authentication can be completed without a user actually being there to input acceptance, which would defeat the purpose of this app.

Basically I am a designer turned amateur developer, and I'm strongest in PHP, with Javascript trailing behind significantly. I've built a web-app that will periodically call an HTTP request to a php document that should, having found new e-mails with events to post, parse them and post the events they contain. Every part of this is ready and waiting except for the posting part. If anyone can help me wrap my head around what is conceptually required to have a quiet, automatic procedure for posting to a Google Calendar I would be hugely grateful. So far—just trying to get my feet in the water—this is where I've gotten to:

<?php 
$url = "https://www.googleapis.com/calendar/v3/calendars/".$calendar."/events?sendNotifications=false&key={".$api_key."}";
?>

<script>
function goGoogle() {
data = "a json object will go here";
xhr = new XMLHttpRequest();
xhr.open("POST", "<?php echo $url?>", true);
xhr.setRequestHeader("Content-type", "application/json");
xhr.send(data); 
xhr.onreadystatechange = function() {
    alert(xhr.responseText);
}
}
</script>
<button onclick="goGoogle()">Sigh</button>

From the alert(xhr.responseText) call I get this at stages 2&3:

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "required",
    "message": "Login Required",
    "locationType": "header",
    "location": "Authorization"
   }
  ],
  "code": 401,
  "message": "Login Required"
 }
}

Now, I realize I haven't actually provided any authentication, here, so I'm not surprised it's failed. The problem is that I don't know how to authenticate. Help!? :)

Answer 1

First, making sure I understand - you have an app that receives emails from various users and you want to post content from those emails to a shared Google calendar that requires authentication (otherwise you would have the ability to post those events to, say, my calendar which I wouldn't like at all). Furthermore, your app needs to do this without involving the end user. However, you have some credentials/authentication to the shared calendar that you can encode in your app. (Otherwise you could again be posting to my calendar). And finally, the entries that you make in the calendar will be "owned" by your app (that is to say, you would not have entered them on behalf of one of the users - since you don't have their credentials and they are not available to grant permission).

If all this is correct I think the place that you might start is to use ClientLogin authentication to the Google Calendar API. The relevant documentation is at: https://developers.google.com/google-apps/calendar/v2/developers_guide_protocol#AuthClientLogin
Your app would use the credentials/authentication information that you have to access the shared calendar.

That page may also have additional information for you.

My apologies if I misunderstood your question or if my response is too vague. I haven't accessed the CalendarAPI in code, but I have been working on Authentication and OAuth2 code for the past few weeks.