管理员SDK和2个Legged Oauth [英] Admin SDK and 2 Legged Oauth

问题描述

有人能与2个Legged Oauth一起使用Admin SDK和python吗?

Has anyone had any luck getting 2 Legged Oauth working with the Admin SDK and python?

我只能在 https://的文档中看到关于2LO的developers.google.com/admin-sdk/directory/v1/guides/authorization 如下:

"如果您的应用程序具有某些特殊的授权要求，例如在请求数据访问(混合)或域范围内的授权(2LO)的同时登录，则您当前无法使用OAuth 2.0令牌.在这种情况下，您必须改为使用OAuth 1.0令牌和API密钥.您可以在Google API控制台的"API访问"窗格的简单API访问"部分中找到应用程序的API密钥."

"If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key. You can find your application's API key in the Google APIs Console, in the Simple API Access section of the API Access pane."

在搜索Google网站时，我能够找到有关将2LO与gdata库一起使用的示例，但与在较新的SDK上使用2LO无关.

In searching Googles site, I am able to find examples on using 2LO with the gdata libraries but nothing about using it with the newer sdks....

如果有人可以将我指向正确的文档集-或使用带有新SDK的2LO的示例-我们将不胜感激.

If someone can point me to the right set of docs - or an example of how to use 2LO w/ the new SDK - it would be appreciated.

谢谢

推荐答案

新的Admin SDK目录和Reports API支持OAuth 1.0身份验证，包括两足式OAuth.但是，Google API Python客户端库已已删除OAuth 1.0支持.

The new Admin SDK Directory and Reports APIs support OAuth 1.0 authentication including 2-legged OAuth. However, the Google API Python Client library has removed OAuth 1.0 support.

如果可能，您应该升级到OAuth 2.0，并可能升级到服务帐户(两脚替换).

If possible, you should upgrade to OAuth 2.0 and (possibly) Service Accounts (2-legged replacement) for your application.

我确实有一个Apps Marketplace应用程序，我想将Directory API与之一起使用，但是市场仍然仅是两足式OAuth.我设法使用gdata库以两足方式使用Directory API进行身份验证和低级POST/GET库调用.一个简单的例子:

I did have a Apps Marketplace App that I wanted to use the Directory API with but marketplace is still 2-legged OAuth only. I managed to get the Directory API working with 2-legged using the gdata library to authenticate and low level POST / GET library calls. A quick example:

使用2LO，Admin API和旧版GData库在Google Apps中获取用户:

Get user in Google Apps using 2LO, Admin API and old GData library:

gapps = gdata.client.GDClient()
gapps.ssl = True
gapps.auth_token = gdata.gauth.TwoLeggedOAuthHmacToken(two_legged.key, two_legged.secret, user_email)
uri = 'https://www.googleapis.com/admin/directory/v1/users/%s' % user_email
user_results = gapps.request(method='GET', uri=uri)
user_json = json.loads(user_results.read())

一种更好的方法可能是利用旧的GData库生成所需的两足式OAuth标头，然后将这些标头剔除并粘贴到新的Google API库生成的发现对象中，但我没有却想出了什么，虽然不应该很困难.

A better way to do this might be to utilize the old GData library to generate the needed 2-legged OAuth headers, then rip those headers out and stick them into discovery objects generated by the new Google API library but I've not yet worked out wha that would look like, shouldn't be terribly hard though.

这篇关于管理员SDK和2个Legged Oauth的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！