Google Drive API的文件导出端点因API密钥身份验证而失败? [英] Google Drive API's file Export endpoint is failing with API Key authentication?

问题描述

最近通过 Google云端硬盘API (特别是导出)进行了任何更改，这将导致3月27日之后使用API​​密钥访问时失败-2018?

Has anything changed recently with the Google Drive APIs and specifically the Export function, which would cause it to fail while using API Key access after 27-Mar-2018?

我有一个Windows服务，该服务为教育团体创建并发送每日课程电子邮件.每封电子邮件的源内容都以Google文档的形式存储在Google云端硬盘中，因此教师可以轻松地更新课程内容.

I have a Windows Service that creates and sends daily course emails for an educational group. The source content for each email is stored in a Google Drive, as a Google Doc, so that the faculty can update the course content easily.

在过去的一年中，它一直在完美地工作，但是突然在2018年3月27日停止了工作.从那时起，我就可以检索文件详细信息了；

This has been working flawlessly for the past year, but suddenly stopped working about 27-Mar-2018. Since then, I can retrieve the file details;

    _googleDriveHtmlContent.LoadFile(
        fileId
        );

但不是内容.当我将文件Export作为HTML时，我立即从ProgressChanged处理程序中获得了DownloadStatus.Failed；

But not the contents. When I Export the file as HTML, I immediately get a DownloadStatus.Failed from the ProgressChanged handler;

    var request = _driveService.Files.Export(
        fileId, 
        "text/html"
        );

我将API密钥用于安全性而非OAuth，因为它是一种无UI的服务.为此，我需要将文件夹标记为可公开访问-特别是我正在使用具有链接的所有人都可以访问".这一直很好.

I'm using API keys for security, rather than OAuth, since it's a UI-less service. To do this I need to mark the file folders as publicly accessible - specifically I'm using "Accessible to everyone, with link." This has been working great.

我已通过NuGet更新到最新的API v3库，但行为没有变化.

I've updated to the latest API v3 libraries through NuGet, with no change in behavior.

使用Google的API资源管理器，我看到了类似的行为.

Using Google's API Explorer, I'm seeing a similar behavior.

我可以使用带有get端点的API资源管理器成功检索我的文件. https://developers.google.com/drive/v3/reference/files/得到

I can retrieve my file successfully using the API Explorer with the get endpoint. https://developers.google.com/drive/v3/reference/files/get

• fileId 1AIuGhzXsNuhhi0PMA1pblh0l5CCDaa1nPj8t_dasi_c
• 身份验证:API密钥(使用演示API密钥")

但是使用export端点，我会收到内部错误(500)- https://developers.google.com/drive/v3/reference/files/导出

But with the export endpoint, I get an Internal Error (500)- https://developers.google.com/drive/v3/reference/files/export

• fileId 1AIuGhzXsNuhhi0PMA1pblh0l5CCDaa1nPj8t_dasi_c
• mimeType:text/html
• 身份验证:API密钥(使用演示API密钥")

• fileId 1AIuGhzXsNuhhi0PMA1pblh0l5CCDaa1nPj8t_dasi_c
• mimeType: text/html
• Authentication: API key (uses a "demo API key")

在API资源管理器中将身份验证更改为OAuth 2.0，并批准访问，然后返回成功的200结果以及HTML文件.但是，我无法通过无UI服务访问API.

Changing the Authentication in the API Explorer to OAuth 2.0, and approving access, then returns a successful 200 result with the file HTML. However I'm unable to do that since I'm accessing the API via a UI-less service.

推荐答案

Google云端硬盘API(尤其是导出功能)最近是否发生了任何更改，这会导致它在2018年3月27日之后使用API​​密钥访问时失败?

Has anything changed recently with the Google Drive APIs and specifically the Export function, which would cause it to fail while using API Key access after 27-Mar-2018?

有可能，但最有可能是隐身更改，您将不会获得任何官方消息.不久前，我看到有人发布了类似的问题，他们正在使用API​​密钥更新Google表格，但突然停止了工作.

Its possible but its most likely a stealth change that you will not get any official word on. Not that long ago i saw someone posting a similar question they were using an API key to update a Google sheet and it suddenly stopped working.

IMO，如果Google更改了它，这可能是一件好事. API密钥用于访问公共数据.如果任何人都设法找到了您的文档的文件ID，然后他们便能够更新您的文档，那么将文档公开是一个非常糟糕的主意.

IMO if google has changed this its probably a good thing. API keys are meant for accessing public data. Setting a document to public is a really bad idea if anyone did manage to find the file ID of your document they would then be able to update your document.

建议:

您应该使用的是服务帐户.通过在Google开发人员控制台上创建服务帐户凭据，然后获取服务帐户电子邮件地址，服务帐户是虚拟用户，您可以与服务帐户共享Google云端硬盘上的文件，从而授予该文件访问所述文件的权限，而无需将文件公开.

What you should be using is a Service account. Service accounts are dummy users by creating service account credentials on Google developer console and then taking the service account email address you can share the file on Google Drive with the service account granting it access to said file without the need of making the file public.

您尚未指定要使用的语言，但是您说您正在使用Windows服务，因此我假设您使用的是.net.这是使用Google .net客户端库进行服务帐户身份验证的示例.

You havent specified what language you are using but you said you were making a windows service so i am going to assume you are using .net. Here is an example of service account authencation with the Google .net client library.

 public static DriveService AuthenticateServiceAccount(string serviceAccountEmail, string serviceAccountCredentialFilePath, string[] scopes)
    {
        try
        {
            if (string.IsNullOrEmpty(serviceAccountCredentialFilePath))
                throw new Exception("Path to the service account credentials file is required.");
            if (!File.Exists(serviceAccountCredentialFilePath))
                throw new Exception("The service account credentials file does not exist at: " + serviceAccountCredentialFilePath);
            if (string.IsNullOrEmpty(serviceAccountEmail))
                throw new Exception("ServiceAccountEmail is required.");                

            // For Json file
            if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".json")
            {
                GoogleCredential credential;
                using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
                {
                    credential = GoogleCredential.FromStream(stream)
                         .CreateScoped(scopes);
                }

                // Create the  Analytics service.
                return new DriveService(new BaseClientService.Initializer()
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Drive Service account Authentication Sample",
                });
            }
            else if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".p12")
            {   // If its a P12 file

                var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
                var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
                {
                    Scopes = scopes
                }.FromCertificate(certificate));

                // Create the  Drive service.
                return new DriveService(new BaseClientService.Initializer()
                {
                    HttpClientInitializer = credential,
                    ApplicationName = "Drive Authentication Sample",
                });
            }
            else
            {
                throw new Exception("Unsupported Service accounts credentials.");
            }

        }
        catch (Exception ex)
        {                
            throw new Exception("CreateServiceAccountDriveFailed", ex);
        }
    }
}

从代码" rel ="nofollow noreferrer"> serviceaccount.cs .假设您已经在使用Google .net客户端库，则此方法返回的服务将与您使用api密钥使用的驱动器服务相同.

code ripped from serviceaccount.cs. Assuming that you were already using the Google .net client library the service this method returns will be the same drive service you were using with an api key.

一旦您授予服务帐户对该文件的访问权限，便可以在需要时访问该文件，而无需进行身份验证，因为您已通过与该文件共享文件对其进行了预授权.

Once you have granted your service account access to the file it will be able to access the file when ever it needs there is no authentication needed as you have preauthorized it by sharing the file with it.

这篇关于Google Drive API的文件导出端点因API密钥身份验证而失败?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！