Google Drive API、Oauth 和服务帐号 [英] Google Drive API, Oauth and service account

问题描述

我在 Google Drive API、服务帐户和身份验证方面遇到了一些问题.我读了很多，但我不知道如何解决这个问题.

I've some issues with Google Drive API, service account and authentication. I read a lot, but I cannot figure out how to solve this.

上下文:我的云端硬盘帐户中有一些文件(大约 35GB)和一个简单的网络应用程序，用户可以登录，查看我的云端硬盘中的一些选定文件夹/文件，并在需要时下载它们.唯一可以直接访问我的云端硬盘帐户的是(或应该是)我的服务器，用户通过网络应用程序/服务器完成他们的工作.

Context: I have some files on my Drive account (about 35GB) and a simple web app which let users to log in, see some selected folders/files from my Drive and download them if needed. The only one who can directly access to my Drive account is (or should be) my server, users do their stuff through web app/server.

经过一番搜索，我发现应该是完美的 服务器到服务器授权文档出于我的目的，但是，正如我所看到的，服务帐户不共享相同的驱动器空间:它们有自己的空间，并且不可升级.由于这个(奇怪的)限制，我无法使用服务帐户，因为我有超过 35GB 的空间，我需要共享"所有内容.

After some search I found server-to-server authorization docs that should be perfect for my purpose BUT, as I can see, service account does not share same Drive space: they have their own and it's not upgradable. Because of this (weird) limit I cannot use service account since I have more than 35GB and I need to "share" everything.

其他方式:使用标准"OAuth 来获取访问令牌，然后使用它来调用 Drive API，但访问令牌有一个过期日期，我不能每次都手动更新它.

Other way: use "standard" OAuth in order to obtain an access token and then use it to make call to Drive API, but access tokens have an expire date and I can't update it manually every time.

那么，第一个问题:有没有办法增加服务帐户的配额?如果没有，是否有办法像服务帐户一样使用我的普通"帐户(所有者)?

So, first question: is there a way to increase quota for service account? If not, if there a way to use my "normal" account (owner) acting like a service account?

第二个(虚拟)问题:我阅读了有关创建新的 OAuth 凭据的文档 最后您会获得一些示例代码和客户端机密"JSON.我运行了这个例子，但我不明白那个 JSON 文件的作用是什么:无论如何我必须登录并授予权限，我为什么需要它?

Second (dummy) question: I read docs about creating new OAuth credentials and at the end you obtain some example code and "client-secret" JSON. I run the example but I didn't understand what the role of that JSON file is: I must log in and give permission anyway, why do I need it?

第三个(足够愚蠢的)问题:如果 OAuth 是唯一的解决方案，有没有一种方法可以获取/刷新访问令牌，而无需每次都手动进行?我查看了 OAuth 文档，用户交互/确认"是身份验证流程中的基本内容之一，所以我认为这是不可能的.

Third (dummy enough) question: if OAuth is the only solution, is there a way to obtain/refresh access tokens without doing it manually every time? I looked at OAuth docs and "user interaction/confirmation" is one of the basic thing in the auth flow, so I don't think is possible.

推荐答案

将您的云端硬盘帐户的文件夹共享到您的服务帐户.
您的服务帐号的地址类似于 XXX@XXX.iam.gserviceaccount.com.
然后，您的服务帐户可以查看您云端硬盘帐户中的共享文件夹.
所以你有 35GB 的服务帐户.

Share your Drive account's folder to your service account.
Your service account's addresss looks like XXX@XXX.iam.gserviceaccount.com.
Then your service account can see the shared folder from your Drive account.
So you have 35GB service account.

这篇关于Google Drive API、Oauth 和服务帐号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！