使用GCP服务帐户创建Google日历活动 [英] Creating Google Calendar events with a GCP Service Account
问题描述
我想装配东西,以便我的GCP服务帐户可以邀请用户参加日历活动.因此,例如my-service-account@myproject.iam.gserviceaccount.com将邀请user@myCorporation.com参加活动.在我看来,这可以简单地通过授予my-service-account@myproject.iam.gserviceaccount.com使用日历API的权限,而无需user@myCorporation.com授予任何其他权限来实现.
I would like to rig things so that my GCP service account can invite users to calendar events. So for example my-service-account@myproject.iam.gserviceaccount.com would invite user@myCorporation.com to an event. It seems to me that this should be possible simply by giving my-service-account@myproject.iam.gserviceaccount.com permission to use the Calendar API, without having user@myCorporation.com grant any additional permissions.
我尝试实施此示例,但将计算范围和计算API调用替换为日历范围和日历API调用.我的代码返回了错误
I tried to implement this example, but replaced the compute scope and the compute API calls with the calendar scope and calendar API calls. My code is returning the error
Insufficient Permission: Request had insufficient authentication scopes.
我在互联网上闲逛了一堆,但我无法判断问题出在我做错了还是谷歌不支持我正在尝试做的事.
I've poked around on the internet a bunch, and I cannot tell if the problem is that I did something wrong or if the problem is that Google does not support what I'm trying to do.
我将不胜感激.
这是我的代码:
const {google} = require('googleapis');
const compute = google.compute('v1');
const {GoogleAuth} = require('google-auth-library');
async function main() {
const auth = new GoogleAuth({
scopes: ['https://www.googleapis.com/auth/calendar',
'https://www.googleapis.com/auth/compute']
});
//keeping the compute stuff in as a sanity check
//to ensure that the problem is with calendar, not something more general
const authClient = await auth.getClient();
const project = await auth.getProjectId();
const res = await compute.zones.list({project, auth: authClient});
console.log(res.data);
createEvent(auth);
}
/**
* Lists the next 10 events on the user's primary calendar.
* @param {google.auth.OAuth2} auth An authorized OAuth2 client.
*/
function createEvent(auth) {
const calendar = google.calendar({version: 'v3', auth});
calendar.events.insert({
calendarId: 'primary',
event: {
"description": "my test event",
"start": {
"date": "2020-05-20",
},
attendees: [{email: "myGuest@mailinator.com"}]
}
}
);
}
main().catch(console.error);
推荐答案
答案:
您需要在三个位置启用API并提供范围:在您的身份验证代码,GCP控制台和Google Admin控制台中.
正如我在评论中解释的那样,您提供的代码应该可以正常运行. Insufficient Permission: Request had insufficient authentication scopes.错误是由于服务帐户无法访问Google一方所需的范围所导致的.
As I explained in the comments, the code you have provided should run without issue. The Insufficient Permission: Request had insufficient authentication scopes. error is a result of the service account not being given access to the required scopes somewhere on Google's side.
确保您已完成以下步骤:
Make sure you have completed the following steps:
- 在应用程序中将范围提供为auth对象(您已经完成):
const auth = new GoogleAuth({
scopes: ['https://www.googleapis.com/auth/calendar',
'https://www.googleapis.com/auth/compute']
});
- 在 GCP控制台中为您的服务帐户GCP项目启用了日历API.
- 在GCP的OAuth同意屏幕设置中为您的服务帐户提供了必需的范围.
- 在 Google管理控制台中向服务帐户添加了必需的范围.这是通过遵循
Security > Advanced Settings > Manage API client accessUI元素并将服务帐户所需的 all 作用域分配给服务帐户客户端ID来完成的.
- Enabled the Calendar API in the GCP console for your Service Account GCP Project.
- Provided the required scopes for your service account in the OAuth consent screen settings in GCP.
- Added the required scopes to the service account in the Google Admin console. This is done by following the
Security > Advanced Settings > Manage API client accessUI elements, and assigning all scopes the service account needs to the service account client ID.
注意:此最后一步必须由域管理员完成,而不是任何其他人都不能完成.
在这种情况下,您需要联系您的域管理员以授予您的项目API访问权限.
In this case, you will need to contact your domain admin to give your project API access.
希望对您有帮助!
- Google API Console
- Google Admin Console
这篇关于使用GCP服务帐户创建Google日历活动的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
