Google Calendar V3 2 Legged 身份验证失败 [英] Google Calendar V3 2 Legged authentication fails

问题描述

我正在尝试创建访问公司(商业)私人日历的网页，并在时间段可用时插入事件.我仍然面临身份验证问题.

I'm trying to create web page that access the (business) private calendar of the company and insert events if the time slot is available. Still I'm facing an authentication problem.

API 手册指出我应该使用 API 密钥和 Oauth2LeggedAuthenticator，所以我做了所有这些并且被触发的请求非常好(它有一个 oauth 令牌等)但是响应仍然是 Invalid Credentials 的例外；说来容易，我的凭证错了，clientID、clientSecret和API Key仍然有效；我怀疑 2legged 验证器的最后 2 个参数，这是正确的吗?

The API manual states that I should use an API key and Oauth2LeggedAuthenticator, so I did all this and the request that is fired is quite okey (it has a oauth token and such) But still the response is an exception with Invalid Credentials; Easy to say is that my credentials are wrong, still clientID, clientSecret and API Key are valid; I doubt the 2 last params of the 2legged authenticater, is this correct?

var provider = new NativeApplicationClient(GoogleAuthenticationServer.Description);
provider.ClientIdentifier = ClientCredentials.ClientID;
provider.ClientSecret = ClientCredentials.ClientSecret;

var authenticator =
new OAuth2LeggedAuthenticator(ClientCredentials.ClientID, ClientCredentials.ClientSecret, "myworkusername", "workdomain.com");


Google.Apis.Calendar.v3.CalendarService service = new Google.Apis.Calendar.v3.CalendarService(authenticator);

service.Key = ClientCredentials.ApiKey;


var result = service.CalendarList.List().Fetch();

Assert.IsTrue(result.Items.Count > 0);

推荐答案

注意:在撰写本文时，您只能对 Google Apps for Business/Eduction 使用 2-legged 身份验证，这不适用于个人帐户，因为有无法获得 OAuth 1.0 密钥/秘密对，您必须至少使用一次在线身份验证(但您可以使用浏览器外选项，因此您不必创建专用页面).

NB: At the time of writing you can only used 2-legged authentication with Google Apps for Business/Eduction, this won't work on personal accounts as there's no way to get an OAuth 1.0 key/secret pair, you will have to use online authentication at least once (but you can use the out-of-browser option so you don't have to create a dedicated page).

除了您不需要与 NativeApplicationClient 相关的前三行之外，您的代码是正确的.这很可能失败，因为您没有正确设置 OAuth 密钥，这会导致 401.

Your code is correct apart from you don't need the first three lines relating to the NativeApplicationClient. This is most likely failing because you haven't properly set the OAuth keys, this causes 401s.

导致 401 的另一件事是使用matt@example.com"而不是matt"作为用户名，用户名不包括您的域.

The other thing that causes 401s is using "matt@example.com" instead of "matt" as the username, the username is without including your domain.

要设置 OAuth，请按照 这篇文章来自 Google.

To setup OAuth follow the instructions in this article from Google.

需要注意的最重要的部分是允许访问所有 API"必须取消选中，并且您必须单独授予对所有 API 的访问权限.如果没有这样做，您将收到 401 Invalid Credentials 错误.然后，您还需要在 api 控制台中开启这些服务.如果 api 控制台步骤尚未完成，您将收到 403 Daily Limit Exceeded 的不同错误.

The most important parts to note are "Allow access to all APIs" must be unchecked and you have to individually grant access to all the APIs. If this hasn't been done you will get a 401 Invalid Credentials error. You then also need to turn those services on in the api console. If the api console step hasn't been done you will get a different error of 403 Daily Limit Exceeded.

如果您之前依赖允许访问所有 API"来使用各种服务，这会给您带来问题，据我所知，您必须单独授予它们以使用 v3 API.这似乎已被谷歌确认(第 4 次回复由 Nicolas Garnier 撰写)并且据说是一个错误，但那是一篇旧帖子，所以它看起来好像还存在.

This will cause you problems if you were previously relying on the "Allow access to all APIs" to use various services, you will have to grant them all individually as far as I understand it to use the v3 APIs. This seems to have been confirmed by google (4th reply by Nicolas Garnier) and is supposedly a bug, but that is an old post so it looks as if it's here to stay.

作为参考，一旦完成，此代码将起作用，本质上与您的相同:

For reference once this has been done, this code will work, which in essence is the same as yours:

var auth = new OAuth2LeggedAuthenticator(domainName, consumerSecret, usernameWithoutDomain, domainName);  //domainName is presently used as the OAuth ConsumerKey for Google's 2legged OAuth

var service = new CalendarService(auth);

service.Key = serviceKey;

var results = service.CalendarList.List().Fetch();

Console.WriteLine(results.Items.Count);

总结:

在 Google Apps 中管理此域">高级工具"

In Google Apps "Manage this Domain" > "Advanced Tools"

使用管理 OAuth 域密钥"启用密钥，生成密钥，取消选中允许访问所有 API".

Using "Manage OAuth domain key" enable key, generate secret, uncheck "Allow access to all APIs".

使用管理第三方 OAuth 客户端访问"启用您想要访问的 API，使用您的域作为客户端名称"和您想要访问的 API，例如http://www.google.com/calendar/feeds/"用于日历.

Using "Manage third party OAuth Client access" enable the APIs you want access to using your domain as "Client Name" and the APIs you want to access e.g. "http://www.google.com/calendar/feeds/" for the calendar.

然后最后在API控制台中创建一个项目，使用API​​Key作为serviceKey上面的例子并打开你需要访问的API.

Then finally create a project in the API console, use the APIKey as the serviceKey in the above example and turn on the APIs you need to access.

我正在回答这个问题，因为当我试图找出为什么我的代码不断返回 401 时，我一直在问这个问题.希望这对某人有所帮助，因为 Google 的说明很糟糕，而且目前到处都是.

I am answering this as I kept hitting this question when I was trying to find out why my code was constantly returning 401s. Hope this helps someone as the Google instructions are awful and scattered all over the place at the moment.

这篇关于Google Calendar V3 2 Legged 身份验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！