Google云端硬盘API身份验证-在客户端上进行身份验证? [英] Google Drive API Authentication - Make authentication on client?

问题描述

当用户想要通过我的服务访问其Google驱动器时，我在后端调用以下代码.

I am calling the following code on my back end when a user want to access their google drive through my service.

  public static DriveService GetService(string app_userID)
    {

        //get Credentials from client_secret.json file 
        UserCredential credential;
        var path = HttpContext.Current.Server.MapPath(@"~/client_secret.json");
        using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read))
        {
            // The file token.json stores the user's access and refresh tokens, and is created
            // automatically when the authorization flow completes for the first time.
            string credPath = HttpContext.Current.Server.MapPath(@"~/token.json");
            credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
                GoogleClientSecrets.Load(stream).Secrets,
                Scopes,
                app_userID,
                CancellationToken.None,
                new FileDataStore(credPath, true)).Result;
        }

        //create Drive API service.
        DriveService service = new DriveService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "GoogleDriveRestAPI-v3",
        });
        return service;

问题是我认为此代码是为在前端应用程序上运行而开发的.我收到以下错误，并且我认为该程序尝试在后端服务器上打开用于身份验证的网页.

The problem though is that I think this code is developed to run on the front end app. I get the following error and I think the program tries to open up a web page for authentication but on the back end server.

{
"Message": "An error has occurred.",
"ExceptionMessage": "One or more errors occurred.",
"ExceptionType": "System.AggregateException",
"StackTrace": "   at System.Threading.Tasks.Task`1.GetResultCore(Boolean .......GoogleDrive.GoogleDriveFilesRepository.GetService(String tt_userID) in ,,,
"InnerException": {
    "Message": "An error has occurred.",
    "ExceptionMessage": "Failed to launch browser with \"...(google url)..." for authorization. See inner exception for details.",
    "ExceptionType": "System.NotSupportedException",
    "StackTrace": "   ...
    "InnerException": {
        "Message": "An error has occurred.",
        "ExceptionMessage": "Access is denied",
        "ExceptionType": "System.ComponentModel.Win32Exception",
        "StackTrace": "   at ...

如何更改，以便最终用户在客户端进行身份验证?请参阅下面的设置.

How do I change so that the end user are authenticated on the client side instead? See my set up below.

请注意，如果可能的话，我仍然希望能够从后端调用API.

Note that I still would like to be able to call the API from the back end if possible.

推荐答案

好吧，这就是我终于解决了的方法.

Well, this is how I finally solved it.

认证必须在客户端完成，因此也必须在Java脚本代码中实现.身份验证将产生一个身份验证代码.

The authentication must be done on the client side and therefore also implemented in the java script code. The authentication will result in an authentication code.

由于我在vue中实现了实现，因此我使用了以下库: vue-google-oauth2

Since I do my implementation in vue I used this library: vue-google-oauth2

如果您想直接用JavaScript实现本教程可能会有所帮助(首先学习，直到获得代码").

If you want to implement in javascript directly this tutorial may help (first part up until you get the "code").

身份验证码只能用于请求访问令牌.在这种情况下，需要使用ASP.NET中实现的API，将身份验证代码传递到后端服务器.

The authentication code can be used once for requesting access token. The authentication code needs to be passed to the backend server, in this case by using the API implemented in ASP.NET.

在后端，我一起使用了此库使用此实现.唯一的例外是，我将redirect_uri设置为"postmessage".通过这种方法，我无需使用redirect_uri就可以获取访问令牌.不知道redirect_uri的目的.但是，使用"postmessage"时，无需在Google控制台中设置redirect_uri.

On the backend side I used this library together with this implementation. The only exception is that I set the redirect_uri to "postmessage". With that approach I can get the access token without using a redirect_uri. Not sure of the purpose of redirect_uri. However, no redirect_uri needs to be set in the Google console when using "postmessage".

我在服务器和Web客户端上都使用了相同的clientID.效果很好，但我不确定那是否应该是这样.

I used the same clientID on both the server and on the web client. It worked fine but I am not sure if that is how it is supposed to be.

最后，您需要一定程度地了解oauth2以便能够实现oauth2. 此页面底部的图给出了很好的概述.但是，如果您打算在实际的生产环境中实现此目的，则应确保您掌握了该主题或得到了相关人员的帮助.

Finally, you need to understand oauth2 to some degree in order to be able to implement oauth2. The diagram at the bottom on this page give a quite good overview. However, if you plan to implement this in a real production environment you should make sure that you master the topic or get help from someone that do.

这篇关于Google云端硬盘API身份验证-在客户端上进行身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！