Chrome应用可以直接访问Google API(如Drive)吗(即没有webview)? [英] Can a Chrome App access Google APIs (like Drive) directly (ie. without a webview)?
问题描述
我正在撰写 Chrome App ,我想使用 Google Drive API 让我的用户读/写文件到他们自己的Google Drive。
我发现信息表明,通过Chrome应用访问OAuth流程的唯一方法是使用webview(请参阅此前的StackOverflow问题 Chrome Drive Package中的Google Drive Realtime API )。
这个限制对我来说很有意义,因为要通过OAuth流程,您必须加载外部内容,并且从特权Chrome应用程序代码中隔离出来,这从安全角度来看非常重要。
但是,一旦您拥有OAuth访问令牌,看起来Chrome应用的JavaScript应该可以提出请求直接转到Google Drive API。这不会将任何内容(即HTML或JS)加载到浏览器中,它只是调用远程API来读取/写入数据。
但似乎仅支持使用Google JavaScript API的方法是使用如下代码远程加载它:
< script src = https://apis.google.com/js/client.js\"></script>
这是行不通的,因为Chrome应用不允许加载远程内容。
我只想下载 client.js 并将其放到本地Chrome App目录中的想法不起作用,因为 client.js 似乎认为它可以继续下载/执行更多的JavaScript。
我可以告诉的是,Google JavaScript API似乎对提前下载并仅从本地文件运行而言是敌对的。这听起来准确吗?如果是这样,应用程序从API获取远程数据的唯一方法是在webview和主应用程序之间传递消息,这听起来像是一个巨大的痛苦。
任何解决方案?或者,我是否必须通过webview将所有数据传送到/从API接收? :(
)使用identity API,特别是chrome.identity.getAuthToken来获得授权,它封装了OAuth工作,一旦获得授权,就可以使用Ajax执行特定的API(例如,访问诸如 https://www.googleapis.com/METHOD ) 换句话说,您可以直接访问Google API,而无需处理OAuth的复杂性,当然也不需要考虑一个webview。 在你的manifest.json中,你需要这样的东西: I am writing a Chrome App and I want to use the Google Drive API to let my users read/write files to their own Google Drive. I have found info suggesting that the only way to go through the OAuth flows from a Chrome App is to use a webview (see this previous StackOverflow question Google Drive Realtime API in a Chrome Packaged App). This restriction makes sense to me because to go through an OAuth flow you have to load external content, and keeping this isolated from the privileged Chrome App code sounds important from a security perspective. But once you have the OAuth access token, it seems like the JavaScript from the Chrome App should be able to make requests to the Google Drive API directly. This isn't loading any content (ie. HTML or JS) into the browser, it's just calling a remote API to read/write data. But it appears that the only supported way to use the Google JavaScript API is to load it remotely, using code like this: This won't work because the Chrome App isn't allowed to load remote content. And my idea of just downloading that So basically, from what I can tell, the Google JavaScript API appears to be hostile to being downloaded ahead-of-time and run from local files only. Does that sound accurate? If so, the only way for the app to get remote data from the API is to pass messages between the webview and the main app, which sounds like a huge pain. Any solution to this? Or do I have to tunnel all data to/from the API through a webview? :( Use the identity API, specifically chrome.identity.getAuthToken to get authorization. It encapsulates the OAuth work. Then, once authorized, use Ajax to execute specific APIs (e.g., to a URL like https://www.googleapis.com/METHOD where METHOD is the method.) In other words, you can access Google APIs directly, without dealing with the complexity of OAuth and certainly without horsing around with a webview. In your manifest.json, you'll need stuff like this:
这篇关于Chrome应用可以直接访问Google API(如Drive)吗(即没有webview)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
permissions:[
identity
],
oauth2:{
client_id:.... apps.googleusercontent。 com,
scopes:[
https://www.googleapis.com/auth/drive
]
}
<script src="https://apis.google.com/js/client.js"></script>
client.js and dropping it in my local Chrome App directory doesn't work, because client.js seems to assume that it can continue downloading/executing more JavaScript as necessary."permissions": [
"identity"
],
"oauth2": {
"client_id": "....apps.googleusercontent.com",
"scopes": [
"https://www.googleapis.com/auth/drive"
]
}
