在OAuth中使用bash curl返回Google Apps用户帐户数据? [英] Use bash curl with oauth to return google apps user account data?

问题描述

我正在寻找一种相当简单的方法来使用curl返回有关Google Apps中的一批用户帐户(例如createddate或lastlogin)的信息.我对curl和Google Apps api缺乏经验.

I am looking for a fairly simple method to use curl to return information about a batch of users accounts (like createddate or lastlogin) in google Apps. I am very inexperienced with curl and the Google Apps api's.

有人知道关于如何将curl与Oauth一起使用以请求用户帐户数据的精彩介绍性文章吗?

Does anyone know of a good introductory article on how to use curl with Oauth to request user account data?

先谢谢您！

推荐答案

由于Oash 2.0和JSON不易被Bash处理，因此很难实现.话虽如此，这是一个基本版本，它将为您提供所需的数据.垃圾收集器可能需要进行一些清理，但是再次使用grep解释JSON仍然是一个非常糟糕的主意.这是为什么存在 Google API库并应予以使用的一个完美示例.

This isn't easily achieved as OAuth 2.0 and JSON aren't easily handled by Bash. Having said that, here's a basic version that'll give you the data you're looking for. The greps could use some cleanup but then again, interpreting JSON with grep is a really bad idea anyway. This is a perfect example of why the Google API Libraries exist and should be used.

# Store our credentials in our home directory with a file called .
my_creds=~/.`basename $0`

# create your own client id/secret
# https://developers.google.com/identity/protocols/OAuth2InstalledApp#creatingcred
client_id='YOUR OWN CLIENT ID'
client_secret='YOUR OWN SECRET'

if [ -s $my_creds ]; then
  # if we already have a token stored, use it
  . $my_creds
  time_now=`date +%s`
else
  scope='https://www.googleapis.com/auth/admin.directory.user.readonly'
  # Form the request URL
  # https://developers.google.com/identity/protocols/OAuth2InstalledApp#step-2-send-a-request-to-googles-oauth-20-server
  auth_url="https://accounts.google.com/o/oauth2/v2/auth?client_id=$client_id&scope=$scope&response_type=code&redirect_uri=urn:ietf:wg:oauth:2.0:oob"

  echo "Please go to:"
  echo
  echo "$auth_url"
  echo
  echo "after accepting, enter the code you are given:"
  read auth_code

  # exchange authorization code for access and refresh tokens
  # https://developers.google.com/identity/protocols/OAuth2InstalledApp#exchange-authorization-code
  auth_result=$(curl -s "https://www.googleapis.com/oauth2/v4/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d code=$auth_code \
    -d client_id=$client_id \
    -d client_secret=$client_secret \
    -d redirect_uri=urn:ietf:wg:oauth:2.0:oob \
    -d grant_type=authorization_code)
  access_token=$(echo -e "$auth_result" | \
                 grep -Po '"access_token" *: *.*?[^\\]",' | \
                 awk -F'"' '{ print $4 }')
  refresh_token=$(echo -e "$auth_result" | \
                  grep -Po '"refresh_token" *: *.*?[^\\]",*' | \
                  awk -F'"' '{ print $4 }')
  expires_in=$(echo -e "$auth_result" | \
               grep -Po '"expires_in" *: *.*' | \
               awk -F' ' '{ print $3 }' | awk -F',' '{ print $1}')
  time_now=`date +%s`
  expires_at=$((time_now + expires_in - 60))
  echo -e "access_token=$access_token\nrefresh_token=$refresh_token\nexpires_at=$expires_at" > $my_creds
fi

# if our access token is expired, use the refresh token to get a new one
# https://developers.google.com/identity/protocols/OAuth2InstalledApp#offline
if [ $time_now -gt $expires_at ]; then
  refresh_result=$(curl -s "https://www.googleapis.com/oauth2/v4/token" \
   -H "Content-Type: application/x-www-form-urlencoded" \
   -d refresh_token=$refresh_token \
   -d client_id=$client_id \
   -d client_secret=$client_secret \
   -d grant_type=refresh_token)
  access_token=$(echo -e "$refresh_result" | \
                 grep -Po '"access_token" *: *.*?[^\\]",' | \
                 awk -F'"' '{ print $4 }')
  expires_in=$(echo -e "$refresh_result" | \
               grep -Po '"expires_in" *: *.*' | \
               awk -F' ' '{ print $3 }' | awk -F',' '{ print $1 }')
  time_now=`date +%s`
  expires_at=$(($time_now + $expires_in - 60))
  echo -e "access_token=$access_token\nrefresh_token=$refresh_token\nexpires_at=$expires_at" > $my_creds
fi

# call the Directory API list users endpoint, may be multiple pages
# https://developers.google.com/admin-sdk/directory/v1/reference/users/list
while :
do
  api_data=$(curl -s --get https://www.googleapis.com/admin/directory/v1/users \
    -d customer=my_customer \
    -d prettyPrint=true \
    `if [ -n "$next_page" ]; then echo "-d pageToken=$next_page"; fi` \
    -d maxResults=500 \
    -d "fields=users(primaryEmail,creationTime,lastLoginTime),nextPageToken" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $access_token")
  echo -e "$api_data" | grep -v 'nextPageToken'
  next_page=$(echo $api_data | \
    grep -Po '"nextPageToken" *: *.*?[^\\]"' | \
    awk -F'"' '{ print $4 }')
  if [ -z "$next_page" ]
  then
    break
  fi
done

这篇关于在OAuth中使用bash curl返回Google Apps用户帐户数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！