Google云端硬盘API,Oauth和服务帐户 [英] Google Drive API, Oauth and service account
问题描述
我在使用Google Drive API,服务帐户和身份验证时遇到了一些问题.我读了很多书,但是我不知道该怎么解决.
上下文:我的云端硬盘帐户上有一些文件(大约35GB),还有一个简单的Web应用程序,该应用程序可以让用户登录,查看我的云端硬盘中某些选定的文件夹/文件并根据需要下载. 唯一可以直接访问我的云端硬盘帐户的人是(或者应该是)我的服务器,用户可以通过Web应用程序/服务器来完成自己的工作.
经过一番搜索,我发现服务器到服务器授权文档应该是完美的出于我的目的,但正如我所见,服务帐户不会共享相同的驱动器空间:它们拥有自己的驱动器空间,并且无法升级.由于存在这个(奇怪的)限制,我无法使用服务帐户,因为我有超过35GB的空间,并且需要共享"所有内容.
其他方法:使用标准" OAuth来获取访问令牌,然后使用它来调用Drive API,但是访问令牌具有到期日期,我无法每次手动对其进行更新.
因此,第一个问题:是否有办法增加服务帐户的配额?如果没有,是否可以使用我的普通"帐户(所有者)来充当服务帐户?
第二个(虚拟)问题:我阅读了有关创建新的OAuth凭据的文档,最后获得一些示例代码和"client-secret" JSON.我运行了示例,但我不了解该JSON文件的作用:无论如何我必须登录并授予权限,为什么我需要它?
第三个问题(足够虚拟):如果OAuth是唯一的解决方案,是否有一种无需每次都手动进行操作即可获取/刷新访问令牌的方法?我查看了OAuth文档,用户交互/确认"是auth流中的基本内容之一,因此我认为不可能.
将您的云端硬盘帐户的文件夹共享到您的服务帐户.
您的服务帐户的地址类似于XXX@XXX.iam.gserviceaccount.com.
然后,您的服务帐户可以从您的云端硬盘帐户中看到共享文件夹.
这样您就有了35GB的服务帐户.
I've some issues with Google Drive API, service account and authentication. I read a lot, but I cannot figure out how to solve this.
Context: I have some files on my Drive account (about 35GB) and a simple web app which let users to log in, see some selected folders/files from my Drive and download them if needed. The only one who can directly access to my Drive account is (or should be) my server, users do their stuff through web app/server.
After some search I found server-to-server authorization docs that should be perfect for my purpose BUT, as I can see, service account does not share same Drive space: they have their own and it's not upgradable. Because of this (weird) limit I cannot use service account since I have more than 35GB and I need to "share" everything.
Other way: use "standard" OAuth in order to obtain an access token and then use it to make call to Drive API, but access tokens have an expire date and I can't update it manually every time.
So, first question: is there a way to increase quota for service account? If not, if there a way to use my "normal" account (owner) acting like a service account?
Second (dummy) question: I read docs about creating new OAuth credentials and at the end you obtain some example code and "client-secret" JSON. I run the example but I didn't understand what the role of that JSON file is: I must log in and give permission anyway, why do I need it?
Third (dummy enough) question: if OAuth is the only solution, is there a way to obtain/refresh access tokens without doing it manually every time? I looked at OAuth docs and "user interaction/confirmation" is one of the basic thing in the auth flow, so I don't think is possible.
Share your Drive account's folder to your service account.
Your service account's addresss looks like XXX@XXX.iam.gserviceaccount.com.
Then your service account can see the shared folder from your Drive account.
So you have 35GB service account.
这篇关于Google云端硬盘API,Oauth和服务帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
