gdata-python-api + 带有简单身份验证的分析 [英] gdata-python-api + Analytics with simple auth
问题描述
我正在使用 Google gdata API 客户端 + 用户/密码验证将 Python 脚本转换为更适合生产的脚本(API 密钥).我对他们关于身份验证的文档的混乱状态感到非常沮丧.诚然,我对 OAuth2 没有很好的掌握,但对于我的使用案例来说,它似乎要复杂得多,即:每 24 小时点击一次 Google Analytics,以获取我们网站上 X 篇最受欢迎的文章.
在这种情况下,我们不处理修改某人的个人数据,所有活动都集中在一个帐户上.对于这么简单的事情来说,OAuth2 似乎不值得复杂化.
我在 Google API 控制台 (https://code.google.com/apis/console/) 上看到,我已经在那里注册并注意到有一个简单 API 访问"部分,在"Web 应用程序的客户端 ID"(似乎是 OAuth2).还有 Google 域更新页面,https://www.google.com/accounts/UpdateDomain,但这似乎与 OAuth 相关.
有什么方法可以使用这个简单的 API 访问密钥(不是 OAuth)通过 Python gdata 客户端检索分析数据,如果是这样,有人有任何身份验证示例吗?我已经让数据检索工作在经过身份验证后工作,但我使用的是用户/密码方法,这不适用于生产.
Greg,
如果您已经在使用库gdata-python-client,这是如果您是应用程序将授权的唯一用户,则相对容易.
在博文中详细介绍了一般机制2011 年 9 月,但为了完整起见,我将在此处对其进行描述.
第 1 部分:转到 API 控制台并开始一个新项目.
第 2 部分:从项目中,转到服务"并启用分析 API"
第 3 部分:从项目中,转到API 访问"并单击创建 OAuth 2.0 客户端 ID..."(您需要提供产品名称,但值你提供没有关系).当询问应用程序类型时,选择已安装的应用程序",然后选择创建客户端 ID".由于您将是唯一的用户,因此您只需要一个刷新令牌,并且您可以通过从桌面应用程序授权一次来获得它.
第 4 部分:从 API 控制台获取您的客户端 ID 和客户端密钥,然后创建一个空令牌:
导入 gdata.gauthCLIENT_ID = 'id-from-apis-console'CLIENT_SECRET = '来自 API 控制台的秘密'SCOPE = 'https://www.google.com/analytics/feeds/' # 分析的默认范围令牌 = gdata.gauth.OAuth2Token(client_id=CLIENT_ID,client_secret=CLIENT_SECRET,范围=范围,user_agent='application-name-goes-here')我从 GData 常见问题解答 获得了范围,但我不确定它是否正确.
第 5 部分:使用令牌创建授权 URL 供您访问:
url = token.generate_authorize_url(redirect_uri='urn:ietf:wg:oauth:2.0:oob')由于您的应用程序是已安装的应用程序",因此您的重定向 URI 是默认的 'urn:ietf:wg:oauth:2.0:oob'.(另请注意,该博文有一个错字,并使用了关键字参数 redirect_url.)
第 6 部分:访问 url 并授权您的应用程序代表您的帐户提出请求.授权后,您将被重定向到带有代码的页面.此代码将用于交换访问令牌和长期刷新令牌.代码的生命周期为 10 分钟,访问令牌的生命周期为一小时.刷新令牌将允许您永久获取用于签署请求的新访问令牌(或直到您撤销帐户的许可).
第 7 部分:使用代码获取访问令牌:
code = 'random-string-from-redirected-page'token.get_access_token(code) # 这会返回令牌,但也会改变状态这再次与博客文章略有不同,因为我们使用的是已安装的应用程序.
第 8 部分:使用令牌,您现在可以向分析客户端发出您想要发出的所有请求:
import gdata.analytics.client客户端 = gdata.analytics.client.AnalyticsClient()令牌授权(客户端)这是一笔巨款.当访问令牌过期时,使用该令牌签名的 API 请求将被拒绝.但是,通过如上所述对客户端进行授权,当所述请求失败时,token 会尝试使用刷新令牌来获取新的访问令牌.如果它成功获取新的访问令牌,客户端会重新发送原始 API 请求,并使用新的访问令牌进行签名.
我对 Analytics API 一无所知,因此我不会在那里提供更多详细信息.
未来使用注意事项 1:保存信息以备将来使用.您可以从不同的地方重新使用它,并且在使用之后非常容易.库提供了名为 token_to_blob 和 token_from_blob 的方法,它们允许将令牌转换为字符串并转换为字符串:
saved_blob_string = gdata.gauth.token_to_blob(token)完成此操作后,您可以将字符串存储在文件中并终止正在运行的 Python 进程.当您想再次使用它时:
saved_blob_string = retrieve_string_from_file() # 你需要实现这个令牌 = gdata.gauth.token_from_blob(saved_blob_string)未来使用注意事项 2:只要您有刷新令牌,此令牌将能够用于授权客户端并一次又一次地执行所有魔术.如果出于某种原因,您想在不调用 token.generate_authorize_url 的情况下再次获取访问令牌,则需要在对象上手动设置:
token.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'未来使用注意事项 3:此外,如果您丢失了刷新令牌并希望获得另一个刷新令牌而不必转到浏览器 撤销原来的,可以使用approval_prompt参数访问生成的url获取新的刷新令牌:
url = token.generate_authorize_url(redirect_uri='urn:ietf:wg:oauth:2.0:oob',批准提示='强制')I'm working on converting a Python script using the Google gdata API client + user/pass authentication to something more suitable for production (an API key). I am pretty frustrated with the muddled state of their documentation on authentication. I admittedly don't have a great grasp of OAuth2, but it seems like it's way more complicated for my usage case, which is: Hit Google Analytics every 24 hours to get the X most popular articles on our site.
In this scenario, we're not dealing with modifying someone's personal data, and all activity is centered on one account. It doesn't seem like OAuth2 is worth the complexity for something so simple.
I see that on the Google API Console (https://code.google.com/apis/console/), I've registered there and notice that there's a "Simple API Access" section with one key beneath the "Client ID for web applications" (which appears to be OAuth2). There's also the Google domain update page, https://www.google.com/accounts/UpdateDomain, but that appears to be OAuth related.
Is there any way to use this Simple API Access key (not OAuth) for retrieving analytics data with the Python gdata client, and if so, does anyone have any authentication examples? I already have the data retrieval stuff working once authenticated, but I'm using the user/pass approach, which is not appropriate for production.
Greg,
If you are already using the library gdata-python-client, this is relatively easy to do if you are the only user that your application will be authorizing.
The general mechanisms were detailed in a blog post in September, 2011, but I'll describe them here for completeness.
Part 1: Go to the APIs console and start a new project.
Part 2: From the project, go to "Services" and enable "Analytics API"
Part 3: From the project, go to "API Access" and click "Create an OAuth 2.0 client ID..." (you'll need to provide a product name, though the value you provide won't matter). When asked for the application type, select "Installed Application" and then "Create client ID". Since you will be the only user, you will only need one refresh token, and you can get this by authorizing from a desktop application a single time.
Part 4: Get your client id and client secret from the APIs console and then create an empty token:
import gdata.gauth
CLIENT_ID = 'id-from-apis-console'
CLIENT_SECRET = 'secret-from-apis-console'
SCOPE = 'https://www.google.com/analytics/feeds/' # Default scope for analytics
token = gdata.gauth.OAuth2Token(
client_id=CLIENT_ID,
client_secret=CLIENT_SECRET,
scope=SCOPE,
user_agent='application-name-goes-here')
I got the scope from GData FAQ, though I'm not sure if it is correct.
Part 5: Use the token to create authorization URL for you to visit:
url = token.generate_authorize_url(redirect_uri='urn:ietf:wg:oauth:2.0:oob')
Since your application is an "Installed Application", your redirect URI is the default 'urn:ietf:wg:oauth:2.0:oob'. (Also note, the blog post had a typo and used the keyword argument redirect_url.)
Part 6: Visit the url and authorize your application to make requests on behalf of your account. After authorizing, you'll be redirected to a page with a code on it. This code will be used to exchange for an access token and a long-lived refresh token. The code has a life of 10 minutes and the access token has a life of an hour. The refresh token will allow you to get new access tokens for signing requests in perpetuity (or until you revoke the permission from your account).
Part 7: Use the code to get an access token:
code = 'random-string-from-redirected-page'
token.get_access_token(code) # This returns the token, but also changes the state
This again differs slightly from the blog post, because we are using an installed application.
Part 8: With the token you can now make all requests you want to make to the analytics client:
import gdata.analytics.client
client = gdata.analytics.client.AnalyticsClient()
token.authorize(client)
This is the big money right here. When an access token expires, the API requests signed with that token are rejected. However, by authorizing the client as above, when the said requests fail, the token attempts to use the refresh token to obtain a new access token. If it successfully obtains a new access token, the client resends the original API request, signed with the new access token.
I don't know anything about the Analytics API so I won't provide any more details there.
Future Use Note 1: Saving information for future use. You can re-use this from different places and after this use very easily. There are methods called token_to_blob and token_from_blob provided by the library that allow turning a token into a string and converting out of a string:
saved_blob_string = gdata.gauth.token_to_blob(token)
Once you have done this, you can store the string in a file and kill your running Python process. When you'd like to use it again:
saved_blob_string = retrieve_string_from_file() # You'll need to implement this
token = gdata.gauth.token_from_blob(saved_blob_string)
Future Use Note 2: This token will be able to be used to authorize a client and perform all your magic again and again, so long as you have the refresh token around. If for some reason you would like to get an access token again without calling token.generate_authorize_url, you'll need to manually set this on the object:
token.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
Future Use Note 3: Also, if you lose your refresh token and would like to get another one without having to go to the browser to revoke the original, you can use the approval_prompt parameter to get a new refresh token by visiting the url generated by:
url = token.generate_authorize_url(
redirect_uri='urn:ietf:wg:oauth:2.0:oob',
approval_prompt='force')
这篇关于gdata-python-api + 带有简单身份验证的分析的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
