获得“ 401未经授权”尝试通过服务帐户进行身份验证时 [英] getting "401 Unauthorized" while trying to authenticated with service account

问题描述

这就是问题所在：Ive最近设置了这篇文章。

So here is the problem: Ive recently made this post.

我提到的解决方案适用于一个令牌和一个API，但是当我尝试使用两个令牌（gmail和Sheets API）处理两个API时，它失败。

Solution I've mentionned worked for one token and one API but when I tried to handle two APIs with two token (gmail and Sheets API) it failed.

所以我现在要做的是使这两个工作正常进行，所以我告诉自己嘿，我们创建一个服务帐户。即使我不太了解这两种方法之间的区别。服务帐户似乎阻止了同意屏幕的显示（对吗？）。

So what I'm trying to do now is make the two work so I told myself "Hey let's create a service account". Even if I don't really understand the differences between both methods. Service account seems to prevent from having a consent screen (Am I right?).

我已经在网上搜寻了答案，但所有答案似乎都失败了。

I've crawled the web for answers but all of them seems to fail.

我已经刷新了令牌，使用了 GoogleCredential 代替了 Credential ，创建了新密钥等。虽然我没有尝试过的一件事是使用Gsuite帐户，但我使用的是基本帐户。

I've refreshed token, used GoogleCredential instead of Credential, created new key etc... one thing though I didn't tried is to use Gsuite account I'm using a basic account.

因此，现在我已经创建了一个新的p12文件，我立即收到 401 错误。我将共享我的代码以更好地理解。

So now I'm at the point where I've created a new p12 file and instantly I get the 401 error. I will share my code for a better understanding.

我的邮件类别

public class mailService {
    private static final String APPLICATION_NAME = "AHS";
    private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();

    private static final String TOKENS_DIRECTORY_PATH = "tokens";
//I've added sheet scope as it is activated in my project
    private static final Collection<String> SCOPES = Arrays.asList(GmailScopes.GMAIL_SEND, GmailScopes.GMAIL_LABELS, SheetsScopes.SPREADSHEETS);

    private static Credential getCredentials(final NetHttpTransport HTTP_TRANSPORT) throws IOException, GeneralSecurityException {
        File sa = new File("WEB-INF/mykeyfile.p12");
        Credential credential = new GoogleCredential.Builder()
                    .setTransport(HTTP_TRANSPORT)
                    .setJsonFactory(JSON_FACTORY)
                    .setServiceAccountId(
                            "myapp@appspot.gserviceaccount.com")
                    .setServiceAccountScopes(SCOPES)
                    .setServiceAccountPrivateKeyFromP12File(sa)
                    .setServiceAccountUser("myemailadress@gmail.com")
                    .build();
        //credential.refreshToken();
        return (credential);
    }
    
    public static Gmail getService() throws GeneralSecurityException, IOException {
        final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
        /*Gmail service = new Gmail.Builder(HTTP_TRANSPORT, JSON_FACTORY, getCredentials(HTTP_TRANSPORT))
                .setApplicationName(APPLICATION_NAME)
                .build();*/
        Gmail service = new Gmail.Builder(HTTP_TRANSPORT, JSON_FACTORY, null)
                .setHttpRequestInitializer(getCredentials(HTTP_TRANSPORT)).setApplicationName(APPLICATION_NAME).build();
        return (service);
    }
...

为了让您更好地理解，我正在创建一个使用Angular和Google应用程序引擎的网络应用程序。我不想使用Gmail API从我的帐户发送邮件，也不想使用表格API从电子表格中读取/写入电子表格。为了清楚起见，我有一个用于Google登录的秘密文件（针对Web应用程序的用户），但这是服务器端代码，我不希望用户看到同意屏幕。

So to give you a better understanding, I'm creating a web app using Angular and Google app engine. I wan't to use Gmail API to send mail from my account, also I'm using sheets API to read/write from/to a spreadsheet. Just to be clear I have a secret file for the google-sign-in (for the user of the web app) but there this is server side code and I don't wan't user to see a consent screen.

我也在问自己是否需要使用 gcloud 来激活服务帐户。

I'm also asking myself if I need to use gcloud in order to activate service account.

（目前）我正在使用Eclipse和Google App Engine插件在本地运行服务器。

I'm running (for the moment) my server locally using Eclipse and google app engine plugin.

如果您需要其他代码或精度来更好地理解问题，请告诉我

if you need other code or precisions for better understanding of the problem let me know

推荐答案

Gmail剂量支持服务帐户，除非它是gsuite帐户，并且您设置了域范围的委托。

Gmail dosent support service accounts unless its a gsuite account and you set up domain wide deligation.

如果您查看文档，将只看到有关使用Oauth2而不是服务器帐户的信息，这是因为Google仅记录了受支持的内容，而不是不支持的内容。

If you check the documentation you will only see information about using Oauth2 not server account this is because Google only documents things that are supported not those that aren't.

Sheets确实支持服务帐户，只是记住您需要对服务进行帐户预授权。这是通过与服务帐户共享工作表来完成的，就像使用该服务帐户电子邮件地址的任何其他用户一样。

Sheets does support service accounts just remembered that you need to pre-authorization on the service a account. That is done via sharing the sheet with the service account like you would any other user using the service accounts email address.

这篇关于获得“ 401未经授权”尝试通过服务帐户进行身份验证时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！