使用OAuth2.0访问Google日历时出错.和服务帐户:“无效的模拟Prn电子邮件地址". [英] Error accessing Google Calendar using OAuth2.0. and service account: "Invalid impersonation prn email address."
问题描述
我正在尝试使用OAuth2.0和服务帐户使用Google Calendar API访问组织日历中各种用户的日历,但出现错误
I am trying to use Google Calendar API to access the calendar of various users in our organization calendars using OAuth2.0 and a service account but I get an error
"invalid_request"无效的假冒伪装电子邮件地址.".
"invalid_request" "Invalid impersonation prn email address.".
在Google控制台中,我有:
-创建了一个项目
-创建了一个服务帐户并启用了域范围委托",并赋予了项目所有者"角色,然后获得了P12密钥.
-在安全性">高级设置">身份验证">管理API客户端访问"中,我已授予服务帐户访问 https: //www.googleapis.com/auth/calendar.readonly .
In the Google console I have:
- Created a project
- Created a service account and enabled "Domain wide delegation" and given the "Project Owner" role, then got a P12 key.
- In Security > Advanced settings > Authentication > Manage API client access I have given the serviceaccount access to https://www.googleapis.com/auth/calendar.readonly.
using System;
using System.Windows.Forms;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Calendar.v3;
using Google.Apis.Services;
using System.Security.Cryptography.X509Certificates;
namespace Google_Calendar
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void button2_Click(object sender, EventArgs e)
{
string GoogleCertificate = @"testcalendar-209521-772939e76cae.p12"; // keyfile filename
string GoogleEmail = @"myserviceaccount@testcalendar-209521.iam.gserviceaccount.com"; // serviceaccount mail
string GoogleUser = "MyServiceAccount"; // serviceaccount name
string[] Scopes = new string[] { "https://www.googleapis.com/auth/calendar.readonly" };
X509Certificate2 certificate = new X509Certificate2(GoogleCertificate, "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential( new ServiceAccountCredential.Initializer(GoogleEmail)
{
Scopes = Scopes,
User = GoogleUser
}.FromCertificate(certificate));
CalendarService service = new CalendarService(new BaseClientService.Initializer() { HttpClientInitializer = credential, ApplicationName = "testcalendar" });
string CalenderID = "mathias@mydomain.com";
var CalRequest = service.Events.List(CalenderID);
CalRequest.TimeMin = DateTime.Now.AddMonths(-1); //optional parameter
CalRequest.TimeMax = DateTime.Now.AddMonths(+1); //optional parameter
do
{
var events = CalRequest.Execute(); // here I get the error
foreach (var item in events.Items)
{
// do stuff
}
CalRequest.PageToken = events.NextPageToken;
} while (CalRequest.PageToken != null);
}
}
}
任何想法可能是什么问题?我认为问题出在我在Google某处的设置中.我会错过一步吗?
Any ideas what the problem might be? I think the problem is in my settings in Google somewhere. Do I miss a step there?
推荐答案
在Google支持的帮助下,我解决了该问题.
With some help from Google support I solved the problem(s).
1:使用服务帐户用户的位置
string GoogleUser = "MyServiceAccount";
我应该使用模拟用户
string GoogleUser = "MyAdminUser";
1: Where I had used the service account user
string GoogleUser = "MyServiceAccount";
I should have used an impersonate user
string GoogleUser = "MyAdminUser";
2:当我在管理控制台上添加范围时,我通过使用服务帐户"电子邮件进行了添加,然后将其可视化地转换为我项目的ClientID,一切似乎都正常.但事实并非如此.当我改用ClientID时,一切正常.
2: When I added the scopes on my Admin Console, I added it by using the Service Account email, which then got translated visually to the ClientID of my Project and everything seemed to be ok. But it was not. When I instead used the ClientID everything worked correct.
这篇关于使用OAuth2.0访问Google日历时出错.和服务帐户:“无效的模拟Prn电子邮件地址".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!