[英]google oauth2 impersonate service account with user@gmail.com
[英]OAuth Google API for Java unable to impersonate user
我想模仿用戶並代表他們從服務器進程向用戶Google Drive添加文件。 我已經設置了一個服務帳戶,可以使用以下代碼成功訪問驅動器作為服務帳戶添加和列出文件等:
/** Global instance of the HTTP transport. */
private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
/** Global instance of the JSON factory. */
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
public static void main(String[] args) {
try {
GoogleCredential credential =
new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("XXXXX@developer.gserviceaccount.com")
.setServiceAccountScopes(DriveScopes.DRIVE)
.setServiceAccountPrivateKeyFromP12File(new File("c:/junk/key.p12"))
.build();
Drive drive = new Drive.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential).build();
drive.files().list().execute();
} catch (Exception e) {
e.printStackTrace();
}
這有效,但只返回與我假設與服務帳戶驅動器(?)關聯的文件。
根據JavaDoc,GoogleCredential還可以通過添加服務帳戶用戶電子郵件地址來模擬用戶,如下所示:
GoogleCredential credential =
new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("XXXXX@developer.gserviceaccount.com")
.setServiceAccountScopes(DriveScopes.DRIVE)
.setServiceAccountPrivateKeyFromP12File(new File("c:/junk/key.p12"))
.setServiceAccountUser("usera@domain.com") //<-- impersonate user a
.build();
但是,執行此代碼時,將引發以下異常:
com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
"error" : "access_denied"
}
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:103)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:303)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:323)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:340)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:508)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:260)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:796)
at com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:198)
at com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:237)
at com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:207)
at com.google.api.services.drive.Drive$Files$List.execute(Drive.java:1071)
我錯過了步驟或配置設置嗎?
謝謝,大衛
我發現了類似的問題: Google Apps管理員可以使用雲端硬盤SDK管理用戶文件嗎? 對我來說,這幫助我找到了答案。
cPanel文檔有點誤導,因為它指的是啟用使用者密鑰,然后將域添加到Manage API客戶端訪問屏幕。 這似乎對gdata api有效,而不是新的Google Drive api。 通過添加其他問題中建議的客戶端ID並授予對驅動器范圍的訪問權限,我現在可以模擬用戶。
讓管理員通過管理面板將范圍添加到xxxxx.apps.googleusercontent.com:
我添加了以下內容來處理電子表格:
https://www.googleapis.com/auth/drive
https://docs.google.com/feeds
https://spreadsheets.google.com/feeds
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.