无法获取Google Analytics API的oAuth2访问令牌 [英] Cannot get oAuth2 Access Token for Google Analytics API

问题描述

我正在使用Rails + Garb Gem（Sija分公司）+ omniauth-google-oauth2 Gem，并且可以成功使用Google Analytics（分析）API进行身份验证，并提取使用用户登录名时我们的应用程序正在生成的数据，例如：

I am using Rails + Garb Gem (Sija Branch) + omniauth-google-oauth2 Gem and I can successfully authenticate with the Google Analytics API and extract data that our app is generating when using a user login, e.g.:

Garb::Session.login('USERNAME', '<PASSWORD>')

然后我可以使用Garb连接到所需的Analytics（分析）配置文件，并从中提取数据并在网页上显示一些图表。一切正常。

I can then use Garb to connect to the Analytics Profile I want and pull the data from it and display some charts on a webpage. This all works fine.

但是，我想使用oAuth2对Google Analytics（分析）进行身份验证，这就是为什么我必须从Github安装Garb Gem的Sija分支（它支持oAuth2），我还安装了omniauth-google-oauth2 Gem。从理论上讲，现在我应该能够使用以下代码进行身份验证：

However, I want to use oAuth2 to authenticate with Analytics which is why I had to install the Sija branch of the Garb Gem from Github (it supports oAuth2) and I also installed the omniauth-google-oauth2 Gem. Now in theory I should be able to authenticate using the following code:

Garb::Session.access_token = access_token # an instance of OAuth2::Client

在这一点上，它对我来说有点朦胧，我将不胜感激一些指导。这是我的发展目标：

It's at this point that it gets a little hazy for me and I would greatly appreciate some guidance. Here's how far I have gotten:

1）我在Google API控制台中创建了一个项目，并在Services下打开了Analytics API

1) I created a Project in the Google API console and turned on Analytics API under Services

2）这为我提供了一个客户ID和客户机密

2) This provided me with a Client ID and Client Secret

3）我遇到了这段代码，可以在上面填充ID和Secret：

3) I came across this code which I could populate with the ID and Secret above:

client = OAuth2::Client.new(
GOOGLE_CLIENT_ID,
GOOGLE_CLIENT_SECRET,
{
    :site          => 'https://accounts.google.com',
    :authorize_url => '/o/oauth2/auth',
    :token_url     => '/o/oauth2/token'
})

4）接下来是代码：

response = OAuth2::AccessToken.new(
    client,
    STORED_TOKEN, {
    refresh_token: STORED_REFRESH_TOKEN,
    expires_at: STORED_EXPIRES_AT
})

5）然后在理论上与以下内容关联：

5) and then in theory connect with:

Garb::Session.access_token = response

我遇到的问题是我在上面的第（4）点中没有令牌信息。在我看来，使用oAuth2我需要做一次握手并打印出返回令牌值？也许通过Rails代码打印输出的值，然后将令牌值粘贴到Rails应用程序中的常量中，以便我可以在上面的代码中使用它们？我真的很困惑。如前所述，Web应用程序使用用户登录身份验证可以正常工作。该Web应用程序所做的只是通过分析进行身份验证，提取一些数据并绘制图表。但是我一直坚持将其转换为 ，我只是不知道如何获取Garb Gem正在寻找的访问令牌。 不是一个具有多个用户身份验证的公共网站，这是一个CMS网站，它正在连接到我们自己的Google Analytics（分析）数据。

The problem I have is I don't have the token information in Point (4) above. It seems to me that with oAuth2 I need to do a "handshake" once and print out the return token values? Perhaps through Rails code which prints the values returned out and then paste the token values into a constant in the Rails app so that I can use them in the above code? I really am confused. As I mentioned earlier, the web app works fine using the user login authentication. All the web app is doing is authenticating with analytics, pulling down some data and drawing a chart. But I am stuck converting it over to oAuth2 as I just do not know how to get the Access Token that the Garb Gem is looking for. I should also note that this is not a public website with multiple users authenticating, this is a CMS website that is connecting to our own Analytics data.

我已经看到了有关此方面的部分摘要，但没有完整说明或可行的示例。

I have seen some partial snippets of aspects of this but not a fully explained or working example. I would really appreciate any guidance and help with this question.

在此先感谢

JR

推荐答案

在过去的几周中，我一直在努力解决这个问题，所以让我分享一下可行的方法：

I've soldiered through this over the last few weeks, so let me share what worked:

要使用Oauth2，您需要获取一个刷新令牌，以便您在每次进行API调用时与Google进行重新验证。步骤如下：

To use Oauth2 you need to get a 'refresh token' that you use to 're-authenticate' with google each time you make an API call. The steps for this are as follows:

1）在API控制台中设置帐户- https://code.google.com/apis/console/b/0/ （好像您做得很好）
2 ），在您的API帐户中，确保您有指向您的应用程序的重定向URI：

1) Setup your account in the API console - https://code.google.com/apis/console/b/0/ (seems like you've done that well) 2) In your API account, make sure you have a redirect URI pointing back to your application:

http://some-url.com/auth/google_oauth2/callback
http://localhost:3000/auth/google_oauth2/callback

请注意，Google不允许您以0.0.0.0:3000的身份回叫本地计算机...因此您需要显式使用localhost

Note here that google won't let you call back to your local machine as 0.0.0.0:3000... so you'll need to use localhost explicitly

3）在您的路由文件中，将该重定向URL绑定到您要在其中创建项目或身份验证的控制器中的操作

3) In your route file, tie that redirect url to an action in the controller where you're going to create the project or authentication

match '/auth/:provider/callback' => 'authentications#create'

'：provider'可以让您匹配多种类型的oauth，但是您也可以在其中放置 google_oauth2。

The ':provider' simply lets you match on multiple types of oauth, but you could just put 'google_oauth2' there as well.

4）现在在控制器中创建该操作

4) Now create that action in your controller

def create
  auth = request.env["omniauth.auth"] 
  params = request.env["omniauth.params"]
  project = Project.find(params['project_id'])

  Authentication.create(:project_id => project.id, :provider => auth['provider'], :uid => auth['uid'], :access_token => auth['credentials']['refresh_token'])
  flash[:notice] = "Authentication successful."
  redirect_to owner_view_project_path(project)
end

5）控制器操作应检索响应对象的相关字段（响应对象的详细信息在这里： https://github.com/zquestz / omniauth-google-oauth2 ）-特别是，您需要获取'refresh_token'并将其保存到您的项目或身份验证对象中-如果您尚未向所需的对象添加'access_token'属性，现在进行迁移，然后开始将刷新令牌保存到该属性

5) The controller action should retrieve the relevant fields from the response object (details of response object here: https://github.com/zquestz/omniauth-google-oauth2) - in particular, you need to get the 'refresh_token' and save that to your project or authentication object - if you haven't added an 'access_token' attribute to the desired object, go do that now with a migration, then start saving the refresh token to that attribute

6）现在，当您准备调用该特定身份验证并为其获取API数据时，您可以在保存访问令牌的位置加载该对象，并使用该对象通过google API获取新会话，如下所示：

6) Now when you're ready to call that particular authentication and get API data for it, you can load up that object where you saved the access token, and use that to get a new session with the google API as follows:

  @authentication = Authentications.find(params[:id])

  client = OAuth2::Client.new GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET,
                                  {
                                    :site => 'https://accounts.google.com',
                                    :authorize_url => "/o/oauth2/auth",
                                    :token_url => "/o/oauth2/token",
                                  }
  response = OAuth2::AccessToken.from_hash(client, :refresh_token => @authentication.access_token).refresh!
  Garb::Session.access_token = response
  @profiles = Garb::Management::Profile.all

此代码的作用是通过指定客户端，然后指定refresh_token，然后调用 refresh！来创建刷新的访问令牌，从而创建OAuth2访问令牌（响应）...然后使用该访问令牌来建立您的Garb会话，然后使用Gard :: Management :: Profile.all

What this code did was create an OAuth2 access token (response) by specifying the client and then a refresh_token, then calling 'refresh!' to get a refreshed access token... then use that access token to establish your Garb session, then call down all the profiles for a given account using the Gard::Management::Profile.all

调用给定帐户的所有配置文件，希望有帮助-让我知道您是否有问题！

Hope this helps - let me know if you have questions!

这篇关于无法获取Google Analytics API的oAuth2访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！