如何在没有默认凭据文件的情况下授权 Google 服务帐户? [英] How can I authorize a Google Service Account without the default credentials file?

问题描述

我有一个 Google 服务帐户应用程序用于从 Google Analytics 检索数据.

I have a Google Service Account that my app uses to retrieve data from Google Analytics.

创建帐户时，我下载了一个 client_secrets 文件，其中包含通过 OAuth 进行授权所需的所有信息，并将此文件的路径记录在名为 GOOGLE_APPLICATION_CREDENTIALS 根据 Google 文档.

When I created the account I downloaded a client_secrets file with all the necessary information for authorization via OAuth, and I recorded the path to this file in an environment variable called GOOGLE_APPLICATION_CREDENTIALS as per Google's documentation.

我现在可以像这样获得经过身份验证的客户端:

I can now get an authenticated client like this:

authorization = Google::Auth.get_application_default(scopes) 

此方法从文件中读取凭据，该文件在本地工作，但我的应用托管在 Heroku 上，无法存储文件.

This method reads the credentials out of the file, which works locally, but my app is hosted on Heroku where file storage is impossible.

文档说明我可以提供这个文件(不能)、在官方 Google 服务上运行我的应用(不会)或遇到错误.

The documentation states that I can either provide this file (can’t), run my app on an official Google Service (won’t), or experience an error.

如何在没有 client_secrets 文件的情况下验证我的服务帐户?

How can I authenticate my service account without the client_secrets file?

推荐答案

我在 源代码.

I found the answer in the source code of the google-auth-library-ruby gem.

事实证明还有另一种选择:从 client_secrets 文件中获取值并将它们放入名为 GOOGLE_ACCOUNT_TYPE、GOOGLE_CLIENT_ID 的环境变量中, GOOGLE_CLIENT_EMAIL 和 GOOGLE_PRIVATE_KEY 分别.

It turns out that there is another option: take the values from the client_secrets file and put them in environment variables named GOOGLE_ACCOUNT_TYPE, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_EMAIL and GOOGLE_PRIVATE_KEY respectively.

如果填充了这些键，凭据将从那里加载.不过，文档中并没有提到这一点.

If these keys are populated, the credentials will load from there. Not a whisper of this in the docs, though.

这篇关于如何在没有默认凭据文件的情况下授权 Google 服务帐户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！