谷歌日历V3 2腿验证失败 [英] Google Calendar V3 2 Legged authentication fails
问题描述
我试图创建网页访问(业务)公司的私人日历和插入事件,如果时隙是可用的。我依然面临着一个身份验证问题。
借助 API手册指出我应该使用API密钥和Oauth2LeggedAuthenticator,所以我没有这一切,被解雇的要求是相当好(它有令牌,这样的OAuth),但仍然响应是是无效凭证异常;易说的是,我的凭据是错误的,还是客户端ID,clientSecret和API密钥是有效的;我怀疑2legged authenticater的最后2个参数,可以这是正确的?
VAR提供商=新NativeApplicationClient(GoogleAuthenticationServer.Description);
provider.ClientIdentifier = ClientCredentials.ClientID;
provider.ClientSecret = ClientCredentials.ClientSecret;VAR认证=
新OAuth2LeggedAuthenticator(ClientCredentials.ClientID,ClientCredentials.ClientSecretmyworkusername,workdomain.com);
Google.Apis.Calendar.v3.CalendarService服务=新Google.Apis.Calendar.v3.CalendarService(认证);service.Key = ClientCredentials.ApiKey;
。VAR结果= service.CalendarList.List()获取();Assert.IsTrue(result.Items.Count大于0);
注意:在写,你可以只用2条腿的认证与谷歌Apps for Business的/的排出时间,这会不会对个人账户的工作,因为有没有办法得到一个OAuth 1.0密钥/秘密对,则必须至少一次使用在线验证(但你可以使用超出浏览器的选项,这样你就不必创建一个专用页面)。
您code是正确的除了你不需要与该 NativeApplicationClient 前三行。这是最有可能失败,因为你没有正确设置OAuth键值,这将导致401S。
这导致401S其他的事情作为用户名使用matt@example.com而不是亚光,用户名是不包括你的域名。
要设置的OAuth遵循的从谷歌这篇文章。
最重要的部分需要注意的是允许访问所有API必须的选中,你必须分别授予访问所有的API。如果没有这样做,你会得到一个 401凭据无效错误。然后,您还需要在 API控制台来打开这些服务。如果API控制台的步骤尚未完成,你会得到一个不同的错误 403每日超限。
这将导致您的问题,如果你是previously依托允许访问所有API使用各种服务,你必须单独尽可能给予他们都按照我的理解使用V3的API。这似乎已被谷歌(4回复确认尼古拉斯·卡尼尔),是所谓的错误,但是这是一个古老的职位,所以它看起来就好像它在这里停留。
有关参考一旦这项工作已经完成,这code将工作,这在本质上是一样的你:
VAR AUTH =新OAuth2LeggedAuthenticator(域名,consumerSecret,usernameWithoutDomain,域名); // domainName为psently用作OAuth的ConsumerKey谷歌的2legged的OAuth $ P $VAR的服务=新CalendarService(AUTH);service.Key =的serviceKey;VAR的结果= service.CalendarList.List()获取()。Console.WriteLine(results.Items.Count);
因此,在总结:
在谷歌应用程序管理此域>高级工具
使用管理OAuth域密钥启用密钥,生成秘密,取消允许访问所有API。
使用管理第三方OAuth客户端访问启用API,您希望获得使用您的域名为客户名称,你要访问例如API的http://www.google.com/calendar/feeds/日历。
后来终于创建了 API控制台一个项目,使用APIKey作为在上面的例子中的serviceKey和打开你需要访问的API。
我回答这个问题,因为我不停地打了这个问题,当我试图找出为什么我的code不断返回401S。希望这可以帮助别人作为谷歌的说明是糟糕,在此刻的地方都散了。
I'm trying to create web page that access the (business) private calendar of the company and insert events if the time slot is available. Still I'm facing an authentication problem.
The API manual states that I should use an API key and Oauth2LeggedAuthenticator, so I did all this and the request that is fired is quite okey (it has a oauth token and such) But still the response is an exception with Invalid Credentials; Easy to say is that my credentials are wrong, still clientID, clientSecret and API Key are valid; I doubt the 2 last params of the 2legged authenticater, is this correct?
var provider = new NativeApplicationClient(GoogleAuthenticationServer.Description);
provider.ClientIdentifier = ClientCredentials.ClientID;
provider.ClientSecret = ClientCredentials.ClientSecret;
var authenticator =
new OAuth2LeggedAuthenticator(ClientCredentials.ClientID, ClientCredentials.ClientSecret, "myworkusername", "workdomain.com");
Google.Apis.Calendar.v3.CalendarService service = new Google.Apis.Calendar.v3.CalendarService(authenticator);
service.Key = ClientCredentials.ApiKey;
var result = service.CalendarList.List().Fetch();
Assert.IsTrue(result.Items.Count > 0);
NB: At the time of writing you can only used 2-legged authentication with Google Apps for Business/Eduction, this won't work on personal accounts as there's no way to get an OAuth 1.0 key/secret pair, you will have to use online authentication at least once (but you can use the out-of-browser option so you don't have to create a dedicated page).
Your code is correct apart from you don't need the first three lines relating to the NativeApplicationClient. This is most likely failing because you haven't properly set the OAuth keys, this causes 401s.
The other thing that causes 401s is using "matt@example.com" instead of "matt" as the username, the username is without including your domain.
To setup OAuth follow the instructions in this article from Google.
The most important parts to note are "Allow access to all APIs" must be unchecked and you have to individually grant access to all the APIs. If this hasn't been done you will get a 401 Invalid Credentials error. You then also need to turn those services on in the api console. If the api console step hasn't been done you will get a different error of 403 Daily Limit Exceeded.
This will cause you problems if you were previously relying on the "Allow access to all APIs" to use various services, you will have to grant them all individually as far as I understand it to use the v3 APIs. This seems to have been confirmed by google (4th reply by Nicolas Garnier) and is supposedly a bug, but that is an old post so it looks as if it's here to stay.
For reference once this has been done, this code will work, which in essence is the same as yours:
var auth = new OAuth2LeggedAuthenticator(domainName, consumerSecret, usernameWithoutDomain, domainName); //domainName is presently used as the OAuth ConsumerKey for Google's 2legged OAuth
var service = new CalendarService(auth);
service.Key = serviceKey;
var results = service.CalendarList.List().Fetch();
Console.WriteLine(results.Items.Count);
So in summary:
In Google Apps "Manage this Domain" > "Advanced Tools"
Using "Manage OAuth domain key" enable key, generate secret, uncheck "Allow access to all APIs".
Using "Manage third party OAuth Client access" enable the APIs you want access to using your domain as "Client Name" and the APIs you want to access e.g. "http://www.google.com/calendar/feeds/" for the calendar.
Then finally create a project in the API console, use the APIKey as the serviceKey in the above example and turn on the APIs you need to access.
I am answering this as I kept hitting this question when I was trying to find out why my code was constantly returning 401s. Hope this helps someone as the Google instructions are awful and scattered all over the place at the moment.
这篇关于谷歌日历V3 2腿验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
