简单AUTH GDATA-蟒蛇-API +分析 [英] gdata-python-api + Analytics with simple auth

问题描述

我正在使用谷歌API GDATA +客户端用户转换一个Python脚本/通过认证的东西更适合制作（API密钥）。我与他们的身份验证文档的混乱状态受挫pretty。我承认没有的OAuth2一个很大的把握，但似乎它是我的使用情况下，这是方式更加复杂：命中谷歌分析，每24小时您对我们网站在X最受欢迎的文章

I'm working on converting a Python script using the Google gdata API client + user/pass authentication to something more suitable for production (an API key). I am pretty frustrated with the muddled state of their documentation on authentication. I admittedly don't have a great grasp of OAuth2, but it seems like it's way more complicated for my usage case, which is: Hit Google Analytics every 24 hours to get the X most popular articles on our site.

在这种情况下，我们不应对修改别人的个人资料，以及所有的活动集中在一个帐户。它似乎并不像的OAuth2是值得的复杂性的东西那么简单了。

In this scenario, we're not dealing with modifying someone's personal data, and all activity is centered on one account. It doesn't seem like OAuth2 is worth the complexity for something so simple.

我看到，在谷歌API控制台（HTTPS：//$c$c.google.com/apis/console/），我已经注册了，并注意到有一个简单API访问部分是用一个密钥下方（这似乎是OAuth2用户）Web应用程序的客户端ID。另外还有谷歌域名更新页面，<一个href=\"https://www.google.com/accounts/UpdateDomain\">https://www.google.com/accounts/UpdateDomain,但似乎OAuth的关系。

I see that on the Google API Console (https://code.google.com/apis/console/), I've registered there and notice that there's a "Simple API Access" section with one key beneath the "Client ID for web applications" (which appears to be OAuth2). There's also the Google domain update page, https://www.google.com/accounts/UpdateDomain, but that appears to be OAuth related.

有什么办法来使用这个简单的API访问键（不是的OAuth），用于使用Python gdata的客户端获取分析数据，如果是这样，没有任何人有任何身份验证的例子吗？我已经有数据检索的东西，一旦工作验证，但我使用用户名/密码的方式，这是不恰当的生产。

Is there any way to use this Simple API Access key (not OAuth) for retrieving analytics data with the Python gdata client, and if so, does anyone have any authentication examples? I already have the data retrieval stuff working once authenticated, but I'm using the user/pass approach, which is not appropriate for production.

推荐答案

格雷格，

如果您已经在使用该库 GDATA-python的客户端 ，这是比较容易的，如果你是，你的应用程序将被授权的唯一用户做的。

If you are already using the library gdata-python-client, this is relatively easy to do if you are the only user that your application will be authorizing.

常规机制在博客文章作了详细2011年9月，但我会在这里描述它们的完整性。

The general mechanisms were detailed in a blog post in September, 2011, but I'll describe them here for completeness.

第1部分：转到 API控制台并开始一个新的项目。

Part 1: Go to the APIs console and start a new project.

第2部分：从项目，进入服务，并启用分析API

Part 2: From the project, go to "Services" and enable "Analytics API"

第3部分：从项目，进入API访问，然后单击创建一个OAuth 2.0客户端ID ...（你需要提供产品名称，虽然价值您提供的并不重要）。当问及应用程序类型，选择安装应用程序，然后选择创建客户端ID。既然你是唯一的用户，你只需要一个刷新令牌，您可以通过从桌面应用程序授权单的时候得到这个。

Part 3: From the project, go to "API Access" and click "Create an OAuth 2.0 client ID..." (you'll need to provide a product name, though the value you provide won't matter). When asked for the application type, select "Installed Application" and then "Create client ID". Since you will be the only user, you will only need one refresh token, and you can get this by authorizing from a desktop application a single time.

4部分：从API控制台获取您的客户端ID和客户端密钥，然后创建一个空的令牌：

Part 4: Get your client id and client secret from the APIs console and then create an empty token:

import gdata.gauth

CLIENT_ID = 'id-from-apis-console'
CLIENT_SECRET = 'secret-from-apis-console'
SCOPE = 'https://www.google.com/analytics/feeds/'  # Default scope for analytics

token = gdata.gauth.OAuth2Token(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET, 
    scope=SCOPE,
    user_agent='application-name-goes-here')

我从的GData常见问题解答范围，虽然我不知道这是否是正确的。

I got the scope from GData FAQ, though I'm not sure if it is correct.

5部分：使用令牌创建授权网址为您访问：

Part 5: Use the token to create authorization URL for you to visit:

url = token.generate_authorize_url(redirect_uri='urn:ietf:wg:oauth:2.0:oob')

由于您的应用程序是一个已安装应用程序，您的重定向URI是默认的'金塔：IETF：WG：OAuth的：2.0：OOB 。 （还要注意，博客帖子有一个错字和所使用的关键字参数 REDIRECT_URL ）

Since your application is an "Installed Application", your redirect URI is the default 'urn:ietf:wg:oauth:2.0:oob'. (Also note, the blog post had a typo and used the keyword argument redirect_url.)

第6部分：访问的URL，并授权您的应用程序，以代表您的帐户的请求。授权后，您会被重定向到一个页面上有一个code。这code将被用来交换访问令牌和长寿命的刷新令牌。在code有10分钟的生活和访问令牌有一个小时的生活。刷新令牌将让你获得新的访问令牌用于永久签名请求（或直到您撤销从您的账户的权限）。

Part 6: Visit the url and authorize your application to make requests on behalf of your account. After authorizing, you'll be redirected to a page with a code on it. This code will be used to exchange for an access token and a long-lived refresh token. The code has a life of 10 minutes and the access token has a life of an hour. The refresh token will allow you to get new access tokens for signing requests in perpetuity (or until you revoke the permission from your account).

7部分：使用code以获得访问令牌：

Part 7: Use the code to get an access token:

code = 'random-string-from-redirected-page'
token.get_access_token(code)  # This returns the token, but also changes the state

这再次略有博客文章不同，因为我们使用的是安装的应用程序。

This again differs slightly from the blog post, because we are using an installed application.

第8部分：与令牌你现在可以让你想给Analytics客户的所有要求：

Part 8: With the token you can now make all requests you want to make to the analytics client:

import gdata.analytics.client

client = gdata.analytics.client.AnalyticsClient()
token.authorize(client)

这是大资金就在这里。当一个访问令牌过期，该令牌签署API请求被拒绝。然而，通过授权客户端如上所述，当上述请求失败，标记尝试使用刷新令牌来获取新的访问令牌。如果成功获得一个新访问令牌，客户端重新发送原来的API请求，与新的访问令牌签署。

This is the big money right here. When an access token expires, the API requests signed with that token are rejected. However, by authorizing the client as above, when the said requests fail, the token attempts to use the refresh token to obtain a new access token. If it successfully obtains a new access token, the client resends the original API request, signed with the new access token.

我不知道有关分析API事情，所以我不会提供任何更多的细节在那里。

I don't know anything about the Analytics API so I won't provide any more details there.

以后使用注1 ：保存以备将来使用信息。来自不同的地方，这种用法很容易后，您可以重新使用它。有所谓的方法 token_to_blob ，并通过允许把一个标记为一个字符串和转换出的库提供的 token_from_blob 字符串：

Future Use Note 1: Saving information for future use. You can re-use this from different places and after this use very easily. There are methods called token_to_blob and token_from_blob provided by the library that allow turning a token into a string and converting out of a string:

saved_blob_string = gdata.gauth.token_to_blob(token)

一旦你做到了这一点，您可以将字符串存储在一个文件，并杀了你执行Python程序。当你想再次使用它：

Once you have done this, you can store the string in a file and kill your running Python process. When you'd like to use it again:

saved_blob_string = retrieve_string_from_file()  # You'll need to implement this
token = gdata.gauth.token_from_blob(saved_blob_string)

以后使用注2 ：此标记将能够用于授权客户端，再而三执行所有你的魔法，只要你有刷新令牌左右。如果由于某种原因，你想不调用 token.generate_authorize_url 标记再次获得访问，你需要手动设置这个对象上：

Future Use Note 2: This token will be able to be used to authorize a client and perform all your magic again and again, so long as you have the refresh token around. If for some reason you would like to get an access token again without calling token.generate_authorize_url, you'll need to manually set this on the object:

token.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'

以后使用注3 ：另外，如果你失去了你的刷新令牌，并希望得到另一个，而不必去到浏览器的撤销原来，你可以使用 approval_prompt 参数通过访问所产生的URL，以获取新的刷新令牌：

Future Use Note 3: Also, if you lose your refresh token and would like to get another one without having to go to the browser to revoke the original, you can use the approval_prompt parameter to get a new refresh token by visiting the url generated by:

url = token.generate_authorize_url(
    redirect_uri='urn:ietf:wg:oauth:2.0:oob',
    approval_prompt='force')

这篇关于简单AUTH GDATA-蟒蛇-API +分析的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！