Google Drive API - OAuth2.0:如何自动执行身份验证流程?疑问和问题 [英] Google Drive API - OAuth2.0: How to Automate Authentication Process? Doubts and Questions
问题描述
我试图将Google API集成到一个项目(Thesis项目)中,我有一些疑问和疑问。所以,这里就是这种情况:
我用Java编写了一个完全由命令行运行的后端应用程序,并且完全不与用户进行交互。其目标是允许传感器和执行器之间的通信和交互。一切都很好。现在我想集成一些东西,以便让传感器以一定周期和由于某个检测到的阈值备份数据。所以我想,为什么不尝试使用Google云端硬盘。第一个非常有用的链接是:
https://developers.google.com/drive/web/quickstart/quickstart-java
https://developers.google.com/accounts/docs/OAuth2InstalledApp
快速入门的例子就像一个魅力。然而,它需要相当多的设置:在开发者控制台(因此是一个帐户)内创建一个项目,启用Drive API,然后创建一个客户端ID和一个客户端密钥。完成这些步骤后,您可以硬编码客户端ID和密码以形成谷歌驱动器的请求URL。然后请您在浏览器中输入网址,如果不是,请接受并最终复制粘贴到您的控制台的授权码以获取访问令牌。哇,相当安全的过程。但是,嘿,我完全同意它,尤其是在我们拥有需要用户身份验证和授权的Web应用程序,智能手机应用程序或Web服务的情况下,以便让应用程序通过访问来完成其工作其他人帐户。但就我而言,我只希望传感器能够在 my 谷歌驱动器上备份数据。这些事实导致我的第一个问题:在为了使用Google API(在这种情况下为Drive),我是否必须创建项目?还是有另一种方法?如果我没有错,那么在开发者控制台内部没有创建项目的情况下,没有其他方法可以创建客户端ID和密码。这使我困惑不已。为什么我应该创建一个基本上使用一些库的项目?
因此,让我们假设以前是合理的约束,并转移到真正的问题上:如何自动化身份验证过程?鉴于我的情况,传感器(简单地说是一个Java模块)想要备份数据,不可能完成所有这些步骤。关于OAuth 2.0的谷歌页面对我们可以嵌入认证程序的不同场景有很好的解释,包括一个用于 有限输入功能的设备 。不幸的是,这比其他的更复杂,并且需要 用户切换到具有更丰富输入功能的设备或计算机,启动浏览器,导航到限制输入设备上指定的URL,登录,然后输入代码。 (LOL)所以,我没有放弃,关于OAuth Playground:如何授权没有用户干预的应用程序(网络或安装)? (规范?)。它看起来像是我的解决方案,尤其是当它说:
NB2。如果您想要一个访问
您自己的(并且只有您自己的)云端硬盘帐户的Web应用程序,而不打算写
授权代码,该代码只能运行一次,该技术就可以运行。只需跳过
步骤1,然后在步骤
5中用您自己的电子邮件地址替换my.drive.app。
但是,如果我没有错,我认为OAuth Playground仅用于帮助测试和调试使用Google API的项目,不是吗?此外,Google驱动程序类(如Java快速入门示例中使用的 GoogleAuthorizationCodeFlow 和 GoogleCredential )始终需要Client ID,Client Secret等等,这让我指向零(创建一个项目并执行整个图形化过程)。
结论:有没有办法避免图形身份验证交互,并将其转换为仅使用Drive的API而无需用户干预的自动化过程?非常感谢,我会很感激任何提示,提示,回答,指针: - )
它描述的确实是您的用例的解决方案。您错过的第7步是您将自己的应用程序的详细信息输入到OAuth Playground中的步骤7。从那一刻起,操场就在冒充您的应用,因此您可以进行一次性授权并获得刷新令牌。
I'm trying to integrate Google APIs inside a project (Thesis project) and I have some doubts and questions. So, here it is the scenario:
I wrote a back-end application in Java that runs solely from a command-line and has absolutely no interaction with a user. Its goal is to allow communication and interaction between sensors and actuators. Everything works great. Now I'd like to integrate something in order to let the sensors backup data both with a certain periodicity and due to some detected threshold value. So I thought, why not trying with Google Drive. The first very useful links have been:
https://developers.google.com/drive/web/quickstart/quickstart-java
https://developers.google.com/accounts/docs/OAuth2InstalledApp
Quick start examples work like a charm. However it requires quite a bit of settings: create a project inside the Developer Console (therefore an account), enable Drive API, then create a Client ID and a Client Secret. Once you've done these steps, you can hard-coded client ID and secret to form the request URL for google drive. Then you're kindly asked to enter the url in a browser, log in if you're not, accept and finally copy and paste into your console the authorization code for obtaining an access token. Wow, quite a security proccess. But hey, I completely agree with it, above all in a scenario where we have either a web app, a smartphone app or a web service that needs users' authentication and authorization in order to let the app doing its job by accessing someone else account. But in my case, I just would like that sensors will backup data on my google drive.
These facts lead to my first question: in order to use Google APIs (Drive in this case), do I have to create a project anyway? Or is there another approach? If I'm not wrong, there aren't other ways to create a client Id and secret without creating a project inside the Developer Console. This puzzles me a lot. Why should I create a project to use basically some libraries?
So, let's assume the previous as justifiable constraints and move on the real question: how to automate the authentication process? Given my scenario where a sensor (simply a Java module) want to backup data, it would be impossible to complete all that steps. The google page about OAuth 2.0 has a great explanations about different scenarios where we can embed the authentication procedure, included one for "devices with limited input capabilities". Unluckily, this is more complicated then the others and requires that "The user switches to a device or computer with richer input capabilities, launches a browser, navigates to the URL specified on the limited-input device, logs in, and enters the code." (LOL)
So, I didn't give up and I ended up on this post that talks about OAuth Playground: How do I authorise an app (web or installed) without user intervention? (canonical ?). It really looks like as a solution for me, in particular when it says:
NB2. This technique works well if you want a web app which access your own (and only your own) Drive account, without bothering to write the authorization code which would only ever be run once. Just skip step 1, and replace "my.drive.app" with your own email address in step 5.
However if I'm not wrong, I think that OAuth Playground it's just for helping test and debug projects that use Google APIs, isn't it? Moreover, Google drive classes such as GoogleAuthorizationCodeFlow and GoogleCredential (used inside the Java quick start example) always need Client ID, Client Secret and so on, which brings me to point zero (create a project and do the whole graphical procedure).
In conclusion: is there a way to avoid the "graphical" authentication interaction and convert it into an automated process using only Drive's APIs without the user intervention? Thanks a lot, I would be grateful for any tip, hint, answer, pointer :-)
I wrote the SO post at How do I authorise an app (web or installed) without user intervention? (canonical ?)
What it describes is indeed the solution to your use-case. The key bit you'd missed is step 7 where you enter the details of your own application into the OAuth Playground. From that point, the playground is impersonating your app and so you can do the one-time authorization and obtaining a refresh token.
这篇关于Google Drive API - OAuth2.0:如何自动执行身份验证流程?疑问和问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
