仅通过OAuth身份验证用户从Java后端创建Google日历事件 [英] Create Google Calendar Event from Java Backend from OAuth authenticated Users only
问题描述
正在从后端在特定日历上创建Google日历活动.就像有人在Web应用程序中召开会议时一样,应将其从后端添加到共享的Google日历中(使用JAVA运行-Spring Boot).
Working on creating a Google Calendar Event on a specific Calendar from backend. Like when someone generate a meeting in a web application, it should be added to the shared google calendar from backend (running using JAVA - Spring boot).
正在生成事件的用户必须是授权用户.
User who is generating event must be an authorized user to do so.
我已按照此文档进行了Java的初始设置.
I have followed this docs for initial set up in java.
我曾经使用过的依赖关系,
Dependancies that I've used,
compile 'com.google.api-client:google-api-client:1.23.0'
compile 'com.google.oauth-client:google-oauth-client-jetty:1.23.0'
compile 'com.google.apis:google-api-services-calendar:v3-rev305-1.23.0'
然后创建一个我尝试过的活动
Then to create a event I've tried this one,
public String createCalendarEvent() throws GeneralSecurityException, IOException {
String calendarId = "primary";
// Build a new authorized API client service.
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
Calendar service = new Calendar.Builder(HTTP_TRANSPORT, JSON_FACTORY, getCredentials(HTTP_TRANSPORT))
.setApplicationName(APPLICATION_NAME)
.build();
Event event = new Event()
.setSummary("Testing Event Creation 1")
.setLocation("India")
.setDescription("Testing Event Creation");
EventDateTime start = new EventDateTime()
.setDate(new DateTime("2019-02-26"));
event.setStart(start);
EventDateTime end = new EventDateTime()
.setDate(new DateTime("2019-02-28"));
event.setEnd(end);
event = service.events().insert(calendarId, event).execute();
log.debug("Event is created and HTML link is: " + event.getHtmlLink());
return event.getHtmlLink();
}
getCredential()方法正在处理授权,如下所示:
getCredential() method is taking care of Authorization as below:
private static Credential getCredentials(final NetHttpTransport HTTP_TRANSPORT) throws IOException {
// Load client secrets.
InputStream in = CalendarEventService.class.getClassLoader().getResourceAsStream(CREDENTIALS_FILE_PATH);
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(new FileDataStoreFactory(new File(TOKENS_DIRECTORY_PATH)))
.setAccessType("offline")
.setApprovalPrompt("force")
.build();
LocalServerReceiver receiver = new LocalServerReceiver.Builder().setPort(8888).build();
Credential credential = new AuthorizationCodeInstalledApp(flow, receiver).authorize("user");
return credential;
}
必需的OAuth ClientID和ClientSecret位于CREDENTIALS_FILE_PATH.在运行时,它会在TOKENS_DIRECTORY_PATH内部生成AUTH_TOKEN并在Calendar中创建一个事件.
The required OAuth ClientID and ClientSecret are located at CREDENTIALS_FILE_PATH. While running it generates AUTH_TOKEN inside TOKENS_DIRECTORY_PATH and create an event in Calendar.
现在,如果用户更改,随后的执行将毫无问题地执行.
Now subsequent execution execute without any issue If user changes.
我需要由当前登录用户(应检查OAuth)并从后端与此.
I require to create Event in Calendar by the User who is currently logged in (Should be checked for OAuth) and from backend as this one.
推荐答案
服务器到服务器的通信未经同意
您需要了解,私人用户数据将始终需要您具有访问权限.未经该用户许可,您无法访问该用户帐户.作为开发人员,Oauth2为我们提供了一种请求用户同意访问其数据的方式.无法避免必须始终获得用户的许可才能访问他们的数据.
You need to understand that private user data will always require you to have access. You cant access a users account without that users permission. Oauth2 gives us as developers a way of requesting consent of users to access their data. There is no way around that you will always have to have permission of the user to access their data.
现在,如果您拥有gsuite帐户,则可以使用服务帐户并设置域范围的委派,以允许该服务帐户访问域中的所有用户,那么它将能够代表用户执行操作而无需必须提示任何人.
Now if you have a gsuite account you can use a service account and set up domain wide delegation to allow the service account access to all of the users on the domain then it will be able to preform actions on behalf of the users without having to prompt anyone.
如果您仅访问一个您亲自控制的帐户,那么您还可以使用服务帐户并与该服务帐户共享日历,然后该服务帐户将有权访问该帐户并可以执行操作在它上面.
If you are only accessing a single account that you personally have control over then you could also use a service account and share the calendar with the service account and then the service account will have access to that account and be able to preform actions upon it.
凭据存储
new FileDataStoreFactory(new File(TOKENS_DIRECTORY_PATH)
表示存储凭据的位置"user"是一个字符串,表示要为其存储凭据的用户.
denotes where the credentials are stored "user" is a string denoting the user who you are storing credentials for.
这篇关于仅通过OAuth身份验证用户从Java后端创建Google日历事件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
