不断收到来自403谷歌API禁止（使用PHP客户端库V1） [英] Keep getting 403 Forbidden from Google API (using PHP client library v1)

问题描述

好吧......我不得不说，我不会对使用谷歌的API了足够的经验，所以我会尽力，我可以为详细讲解。

Okay... I have to say I don't have enough experience on using Google's API, so I'll try to explain as detail as I could.

我需要使用PHP来获取云存储的数据，所以我想我有凭据的gsutil抢水桶从数据和它的作品;但是，当我尝试使用PHP库抓取数据时，API回答我这个内容：

I need to use PHP to grab the Cloud storage's data, so I tried my credential with gsUtil to grab data from bucket and it works; But when I try to use PHP library to grab data, the API replied me with this content:

"error": {
  "errors": [
    {
       "domain": "global",
       "reason": "forbidden",
       "message": "Forbidden"
    }
  ],
  "code": 403,
  "message": "Forbidden"
}

由于它没有告诉我到底是哪一步是错误的，所以我周围中搜索这个网站，并试图看着这一切类似，但形势的立场。

Since it didn't tell me exactly which step is wrong, so I searched around this site and tried everything which looked similar, but the Situation stands.

下面是我的谷歌开发的配置。控制台：

Here is the Configuration on my Google Dev. Console:

Api Manager > Overall > Enabled API：

(a)Drive API.

(b)Cloud Storage.

(c)Cloud Storage JSON API.

Api Manager > Credentials:

(a)Api Key / OAuth 2.0 ID / Service Acc. Key are created.

(b)Server IPs are added to the Api key's accept IP list.

(c)Service Account have the Editor permission to the Project, service acc key is bind to this account too.

在PHP：

$email = '<my gmail>';
$scope = 'https://www.googleapis.com/auth/cloud-platform';
$apiKey = '<my api key>';
$oAuthId = '<OAuth ID>';
$serviceAcc = '<service account id>@developer.gserviceaccount.com';
$keyFileLocation = $_SERVER['DOCUMENT_ROOT']. "/<p12 file>";
$bucketId = '<my bucket id>';
$list = array();

$client = new Google_Client();
$client->setApplicationName("gp-api");
$client->setDeveloperKey($apiKey);
$cred = new Google_Auth_AssertionCredentials (
            $serviceAcc,
            array($scope),
            file_get_contents($keyFileLocation)
    );

$client->setAssertionCredentials($cred);

if($client->getAuth()->isAccessTokenExpired())
  $client->getAuth()->refreshTokenWithAssertion($cred);

if($client->getAccessToken()) {
  $reqUrl = "https://www.googleapis.com/storage/v1/b/$bucketId/o/";
  $request = new Google_Http_Request($reqUrl, 'GET', null, null);
  $httpRequest = $client->getAuth()->authenticatedRequest($request);
  if ($httpRequest->getResponseHttpCode() == 200) {
    $objects = json_decode($httpRequest->getResponseBody());
    foreach ($objects->items as $object) {
      $list[] = $object->mediaLink;
    }
  }
  else {
    echo $httpRequest->getResponseHttpCode(); // This is where I got the 403
  }
}

请告诉我，如果我错过了什么。

Please tell me if I missed something.

推荐答案

好吧，我得到的问题：它必须模拟这些有特权访问，我在节目中提到的API范围用户帐号

Ok, I got the Problem: it must impersonate the User account which have the privilege to access the API scope that I mentioned in program.

因此​​，一些额外的codeS必须添加如下：

So some additional codes must be added as following:

$email = '<email account which could access that api>';
$scope = 'https://www.googleapis.com/auth/cloud-platform';
$apiKey = '<my api key>';
$oAuthId = '<OAuth ID>';
$serviceAcc = '<service account id>@developer.gserviceaccount.com';
$keyFileLocation = $_SERVER['DOCUMENT_ROOT']. "/<p12 file>";
$bucketId = '<my bucket id>';
$list = array();

$client = new Google_Client();
$client->setApplicationName("gp-api");
$client->setDeveloperKey($apiKey);
$cred = new Google_Auth_AssertionCredentials (
        $serviceAcc,
        array($scope),
        file_get_contents($keyFileLocation),
        'notasecret',
        'http://oauth.net/grant_type/jwt/1.0/bearer',
        $email
);

Woooooyaaaaa，另一个问题解决了！时间移动为下一个问题。

Woooooyaaaaa, another problem solved! time to move up for next problem.

这篇关于不断收到来自403谷歌API禁止（使用PHP客户端库V1）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！