谷歌日历API V3硬codeD凭据 [英] Google Calendar API v3 hardcoded credentials
问题描述
我写的应该允许用户某些事件添加到个人谷歌日历PHP应用程序。日历是由我所拥有的,我需要一种方法让PHP能使用固定的凭据日历API通讯(每个人都可以添加使用本网站上的表单事件,但日历本身是不公开可见的)。
从我已阅读,这是可能的1.0版API中使用ClientLogin。在第3版API,但是,可用的选项的OAuth2.0或API密钥。使用API密钥似乎并没有工作,因为它只能用于不需要授权请求,和OAuth看起来不正确或者,因为用户不应该访问自己的日历,但我的一个应用程序使用。
我想过让OAuth令牌编程,但是这势必打破早晚,因为OAuth的对话框中可以使用的验证码。
这似乎是这样的标准用例 - 一个Web应用程序,让用户在某些predefined方式单个日历互动 - 但我找不到如何使它的V3 API中发生的任何文件。谁能帮我?
您需要同时使用开发人员密钥(API密钥)和OAuth2用户。开发人员对进行身份验证谁写的软件,以及用于诸如配额是基于每个开发人员的基础不是每个用户的基础。 OAuth2用户对用户身份验证,将需要访问非公共日历。
的OAuth2有一个更新的令牌,从中可以生成一个会话令牌,这意味着你不需要屏幕刮的OAuth的屏幕得到验证。为了得到这个我会写一个小命令行应用程序,或者你使用一次性的PHP页面。
- 在谷歌API控制台中去API访问
- 生成一个新的客户端ID,并选择安装软件的(因为你会被验证你的服务器,你并不像你的用户)
- 或者使用一个控制台应用程序或一次性的PHP页面身份验证使用OAuth和您的谷歌帐户(一个你想要访问日历)
- 在从认证的回报应该有一个更新的令牌(称为更新或刷新或类似的东西)。保存这个字符串,并将其提供给您的PHP站点。
- 当您需要访问您的OAuth库应该有一个更新/刷新调用该服务。有使用的.Net下面的例子。
私人IAuthorizationState CreateAuthorization(NativeApplicationClient ARG)
{
//获取验证网址:
IAuthorizationState状态=新AuthorizationState(新[] {AdsenseService.Scopes.AdsenseReadonly.GetStringValue()});
state.Callback =新的URI(NativeApplicationClient.OutOfBandCallbackUrl);
如果(refreshToken.IsNotNullOrEmpty())// refreshToken你存储在步骤4
{
尝试
{
state.RefreshToken = refreshToken;
如果(arg.RefreshToken(州))//这是呼唤与刷新令牌取回一个会话令牌的OAuth的服务器,如果成功返回true。
{
如果(state.RefreshToken!= refreshToken)//如果刷新令牌已经改变,将其保存。
{
PersistRefreshToken(authorization.RefreshToken);
}
返回this.authorization =状态; //保留授权状态,这是将验证您的来电。
}
}
赶上(前的ProtocolException){...}
这现在已经更新了AuthorisationState可以用来验证调用您对API。直到它过期这个状态可以用很多的时间,然后就可以被刷新。当你正在验证您的应用程序作为自己不是作为一个用户这个AuthorisationState可以通过你的会话共享。无论是当前AuthorisationState和刷新令牌应该安全地将您的服务器上保存,并永远不会被发送到客户端,如果你发送这些为您的客户将有相同权限的响应的一部分作为你的code应用程序
I am writing a PHP application that's supposed to allow users to add certain events to a private Google Calendar. The calendar is owned by me, and I need a way for PHP to communicate with the calendar API using fixed credentials (everyone can add events using a form on the website, but the calendar itself is not publicly visible).
From what I have read, this is possible using ClientLogin in the v1 API. In the v3 API, however, the available options are OAuth2.0 or the API key. Using the API key doesn't seem to work, since it can only be used for requests that don't require authorization, and OAuth doesn't seem right either, because users are not supposed to access their own calendars, but the one my application uses.
I thought about getting the OAuth token programatically, but that's bound to break sooner or later, since the OAuth dialog can use captchas.
This seems to be such a standard use case — a web application that lets users interact with a single calendar in some predefined ways — yet I can't find any documentation on how to make it happen in the v3 API. Can anyone help me?
You will need to use both the Developer Key (API Key) and OAuth2. The developer key authenticates who wrote the software and is used for things like quota which is on a per developer basis not a per user basis. OAuth2 is for user authentication and will be need to access the non-public calendar.
OAuth2 has a renew token from which you can generate a session token and this means that you will not need to screen scrape the OAuth screens to get authenticated. To get this I would write a little command line application, or you use a one off PHP page.
- Under the Google Api Console go to API Access
- Generate a new Client ID and choose Installed Application ( as you will be authenticating you server as you not as your user)
- Either using a console app or a one off PHP page authenticate using OAuth and your google account (the one with the calendar you want access to)
- In the return from the authentication there should be a renew token, (called renew or refresh or something similar). Save this string and make it available to your PHP site.
- When you need to access the service your OAuth library should have a renew/refresh call. There is an example using .Net below.
private IAuthorizationState CreateAuthorization(NativeApplicationClient arg)
{
// Get the auth URL:
IAuthorizationState state = new AuthorizationState(new[] { AdsenseService.Scopes.AdsenseReadonly.GetStringValue() });
state.Callback = new Uri(NativeApplicationClient.OutOfBandCallbackUrl);
if (refreshToken.IsNotNullOrEmpty()) // refreshToken you stored in step 4
{
try
{
state.RefreshToken = refreshToken;
if (arg.RefreshToken(state)) // This is calling out to the OAuth servers with the refresh token getting back a session token, returns true if successful.
{
if (state.RefreshToken != refreshToken) // if the refresh token has changed, save it.
{
PersistRefreshToken(authorization.RefreshToken);
}
return this.authorization = state; // Retain the authorization state, this is what will authenticate your calls.
}
}
catch (ProtocolException ex) {...}
The AuthorisationState that has now been renewed can then be used to authenticate call you make to the API. this state can be used many time until it expires and then can be refreshed. As you are authenticating your application as yourself not as a user this AuthorisationState can be shared by all you sessions. Both the current AuthorisationState and the refresh token should be kept securely on your server and never sent to the client, if you ever sent these as part of a response your clients would have the same privileges as your code application
这篇关于谷歌日历API V3硬codeD凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
