
How to get the email of the logged user with oauth2 service account?

I'm trying to get the email of a user in appengine. I can't use the UserService nor , in the web.xml file.

I'm using OAuth2 with "Service Account", so that if the domain administrator, gives it high, users should be transparent.

Here's the code I'm using, but I cannot reach any solution, because when I request the user email with the "Google Plus Service", it returns the OAuth2 client ID.

    // Credential built from the service account's ID and P12 private key.
    GoogleCredential credential = new GoogleCredential.Builder()
        .setTransport(HTTP_TRANSPORT)
        .setJsonFactory(JSON_FACTORY)
        .setServiceAccountId("Client_ID_Service_Account@developer.gserviceaccount.com")
        .setServiceAccountScopes(Arrays.asList(
            "https://www.googleapis.com/auth/plus.me",
            "https://www.googleapis.com/auth/userinfo.email",
            "https://www.googleapis.com/auth/userinfo.profile"))
        .setServiceAccountPrivateKeyFromP12File(
            new java.io.File("WEB-INF/yyyyyyyyyyyyyyyyyy-privatekey.p12"))
        .build();

    Plus plus = new Plus(HTTP_TRANSPORT, JSON_FACTORY, credential);

    // Profile lookup for "me", i.e. the identity the credential authenticates as.
    Person profile = plus.people().get("me").execute();

    // getEmails() returns Person.Emails objects; the address itself is in getValue().
    String email = profile.getEmails().get(0).getValue();

    // Random anti-forgery token carried in the state parameter.
    String state = new BigInteger(130, new SecureRandom()).toString(32);

    // Redirect the browser to Google's authorization endpoint.
    String send = "https://accounts.google.com/o/oauth2/auth?" +
        "scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&" +
        "state=url%3Dhttps%253A%252F%rrrrrrrrrrrrrrr.appspot.com%26security_token%3D" + state + "&" +
        "redirect_uri=https://rrrrrrrrrrrrrrrr.appspot.com/vuelta&" +
        "response_type=id_token&" +
        "login_hint=" + email + "&" +
        "client_id=Client_ID_for_web_application.apps.googleusercontent.com";
    resp.sendRedirect(send);

How could I continue?

Thanks in advance.

You are making the request on behalf of the service account, so the plus.me request returns information about the service account. To make the request on behalf of the user, you need something (the email) to identify the user you are interested in. Without this, there's no way for Google to know which user you are interested in. So, what you are asking is not possible on the server side unless you already have the email.

What you want to do is initiate a standard (not service account) OAuth 2 authentication, asking the user for the plus.me scope. Because the service account already has permissions, you will automatically be granted these permissions. You can then use that authorization to request the information about the user.
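The standard (non-service-account) flow described in the answer, sketched with the authorization-code flow classes of google-api-java-client; this is an added example, not code from the question or the answer. The client secret, redirect URI host, session attribute name, class name and the `openid email` scopes are assumptions chosen for illustration.

```java
import com.google.api.client.googleapis.auth.oauth2.*;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import java.io.IOException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.servlet.http.*;

public class UserEmailFlow {
  // Placeholders (assumed): credentials of the web application client, not the service account.
  static final String CLIENT_ID = "Client_ID_for_web_application.apps.googleusercontent.com";
  static final String CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER";
  static final String REDIRECT_URI = "https://example.appspot.com/vuelta";

  static final GoogleAuthorizationCodeFlow FLOW = new GoogleAuthorizationCodeFlow.Builder(
      new NetHttpTransport(), JacksonFactory.getDefaultInstance(),
      CLIENT_ID, CLIENT_SECRET, Arrays.asList("openid", "email")).build();

  // Step 1: send the browser to Google with a per-session anti-forgery state value.
  static void start(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    String state = new BigInteger(130, new SecureRandom()).toString(32);
    req.getSession().setAttribute("oauth_state", state);
    resp.sendRedirect(FLOW.newAuthorizationUrl()
        .setRedirectUri(REDIRECT_URI).setState(state).build());
  }

  // Step 2 (handler for the redirect URI): returns the signed-in user's email.
  static String finish(HttpServletRequest req) throws IOException {
    HttpSession session = req.getSession();
    Object expected = session.getAttribute("oauth_state");
    session.removeAttribute("oauth_state"); // single use
    if (expected == null || !expected.equals(req.getParameter("state"))) {
      throw new SecurityException("state mismatch: response not tied to this session");
    }
    String code = req.getParameter("code");
    if (code == null) {
      throw new IOException("no authorization code (consent denied or error)");
    }
    // Server-to-server exchange over TLS; the ID token comes straight from Google.
    GoogleTokenResponse tokens =
        FLOW.newTokenRequest(code).setRedirectUri(REDIRECT_URI).execute();
    GoogleIdToken.Payload payload = tokens.parseIdToken().getPayload();
    if (!Boolean.TRUE.equals(payload.getEmailVerified())) {
      throw new SecurityException("email address not verified by Google");
    }
    return payload.getEmail();
  }
}
```

The email returned here identifies the user who completed the consent screen, so it can be used as the identifier the answer says the server-side service-account request is missing.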
