client_secrets.json 文件的用途是什么? [英] What is the usage of the client_secrets.json file?
问题描述
我正在使用 Python 中的 Google Tasks API 编写程序.我已经从 Google 下载并运行了示例应用程序,它带有一个名为 client_secrets.json 的文件.我知道该文件用于 OAuth 身份验证,但我的问题是我应该将此文件分发给用户吗?我应该将它推送到我的公共源代码库吗?还是应该保密?如果我不应该分享它,其他用户将如何进行身份验证?
I am working on writing a program using the Google Tasks API in Python. I have downloaded and run the sample application from Google, and it comes with a file called client_secrets.json. I understand that the file is used for OAuth authentication, but my question is should I distribute this file to users? Should I push it to my public source repo? Or is it supposed to be kept secret? If I shouldn't share it, how would other users do the authentication?
感谢阅读.
推荐答案
对您的客户保密.如果有人获得了你的客户秘密,他们可以用它来消耗你的配额,产生费用您的 Developers Console 项目,并请求访问用户数据.
Keep your client secret private. If someone obtains your client secret, they could use it to consume your quota, incur charges against your Developers Console project, and request access to user data.
所以不要提交或以其他方式分发文件.
So don't commit or otherwise distribute the file.
如果您想公开共享您的应用程序源代码,请指示其他人使用他们自己的 Google Developer 帐户注册他们自己的 Google Developer 项目并生成他们自己的应用程序 OAuth 凭据(client_secrets.json 文件)以用于他们的安装"的应用程序.
If you want to publicly share your application source code, instruct others to use their own Google Developer account to register their own Google Developer project and generate their own app OAuth credentials (client_secrets.json file) for use with their "installation" of the app.
如果您要将应用程序商业化,您似乎需要以受信任、受法律保护或安全的方式与他们共享应用程序凭据.
If you were making the application commercially available, you would seemingly need to share the app credentials with them in a trusted, legally protected, or secure manner.
这篇关于client_secrets.json 文件的用途是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
