未授权Google服务帐户使用Calendar API [英] Google service account not being authorized for calendar API

问题描述

我正在尝试通过服务帐户连接到G Suite域中的所有日历.

I am trying to connect to all calendars on our G Suite domain through a service account.

我创建了一个新项目，并在"API和服务"页面中启用了Google Calendar API.

I created a new project and enabled the Google Calendar API in the API and services page.

我创建了一个Google服务帐户，网址为:

I created a Google service account with:

• 一个名字
• 似乎适用的角色
• 生成的json密钥文件
• 为整个域启用了G Suite

在服务帐户管理"页面中，我获取了我的ID(AAA@BBB.iam.gserviceaccount.com)

In the Service Account management page I took my ID (AAA@BBB.iam.gserviceaccount.com)

我进入了G Suite安全模块，然后转到ManageOauthClients页面，在其中输入ID并选择了Google日历API(

I entered the G Suite security module and went to ManageOauthClients page where I input the ID and selected google calendar API (https://www.googleapis.com/auth/calendar)

它可以正确识别我的ID并添加:

It identified my ID correctly and added:

1234567890日历(读写) https://www.googleapis.com/auth/calendar

1234567890 Calendar (Read-Write) https://www.googleapis.com/auth/calendar

其中1234567890是Google从我的AAA@BBB.iam.gserviceaccount.com输入中获取的ID.

Where 1234567890 is the ID that Google took from my AAA@BBB.iam.gserviceaccount.com input.

现在，我为Google和Calendar API添加了nuget包，并在C#的命令行应用程序中编写了以下代码:

Now I added the nuget package for Google and the Calendar API and wrote the following code in a command line application in C#:

        var scopes = new[] { CalendarService.Scope.Calendar };

        ServiceAccountCredential credential;

        using (Stream stream = new FileStream("ToprServiceAccount-xxxxyyyyy.json", FileMode.Open, FileAccess.Read, FileShare.Read))
        {
            credential = GoogleCredential.FromStream(stream).CreateScoped(scopes).UnderlyingCredential as ServiceAccountCredential;
        }

        var service = new CalendarService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential
        });

        var list = service.CalendarList.Get("planning@mydomain.com").Execute();

我确保我要的日历存在.这是我用来实际执行上述所有步骤的帐户中的那个帐户.

I made sure that the calendar I asked for exists. It is the one from the account I used to actually perform all above steps.

但是我仍然遇到404错误，这很可能表示我无权访问(我自己的)日历.

But I still am getting the 404 error, meaning most likely that I don't have permission to access (my own) calendar.

这与角色有关吗?我不确定在创建服务帐户时该选择哪个角色.

Could it be role related? I am unsure what role(s) to pick when creating the service account.

同样，当试图获取所有日历的列表时，它也是一个空列表.

Also when just trying to get the list of all calendars, it is an empty list.

推荐答案

我发现了问题所在(来源: https://neal.codes/blog/google-calendar-api-on-g-suite/)

I found out what went wrong (source here: https://neal.codes/blog/google-calendar-api-on-g-suite/)

在G-Suite->应用程序->日历->常规设置中，我必须启用共享所有日历的选项，并且局外人可以更改日历

In G-Suite -> Apps -> Calendar -> General settings I had to enable the option to share all calendars and outsiders can change calendars

进入任何日历后，将日历与服务帐户电子邮件共享.根据我在问题中的样本，该名称为AAA@BBB.iam.gserviceaccount.com.

After go into any calendar and share the calendar with the service account email. That would be AAA@BBB.iam.gserviceaccount.com according to my sample in the question.

据我所知，这两个步骤在文档中没有提到.很高兴我现在能正常工作！

These two steps are as far as I can find not mentioned in the documentation. Just glad I got it working now!

这篇关于未授权Google服务帐户使用Calendar API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！