访问使用OAuth 2年长的GData的API(S preadsheet API)和服务帐户 [英] Accessing older GData APIs (Spreadsheet API) using OAuth 2 and a service account
问题描述
简短的问题是,是否这是可能的,如果是这样,怎么样?
The short question is whether is this possible and if so, how?
我目前使用服务帐户在整个使用谷歌驱动器API,谷歌的企业应用套件域访问信息的.NET应用程序。这工作正常使用谷歌API-DOTNET客户端库和code沿着相同的路线如图所示,样品中这里 - 这是目前我是一个非常良好的基础的例子做的事情。
I have a .NET application which currently uses a service account to access information across a Google Apps domain using the Google Drive API. This works fine using the google-api-dotnet-client library and code along the same lines as shown in the samples here - which are currently a very good basic example of what I'm doing.
我想现在要做的就是扩展它,以便以及使用那些提供的API新的谷歌API-DOTNET客户端库,它使用了旧的GData的库,通过提供 旧的谷歌gdata的库,特别是在S preadsheets API(也许还有更多的惊喜)。
What I want to do now is extend it so as well as using those APIs provided by the "new" google-api-dotnet-client library, it uses the older "GData" libraries, as provided for via the older google-gdata library, specifically the Spreadsheets API (and perhaps more to come).
这是哪里的困难出现。前者库不正是我想要的,就证明了在第一个段落上方的第二个链接 - 而事实上我有它这样做我自己。 然而 ...虽然第二个库已更新,以支持的OAuth 2.0除的OAuth 1.0和其它老的身份验证技术,它不会 - 因为据我可以告诉由粗放谷歌搜索和TRAIL-错 - 允许代表我的所有用户的服务帐户的操作,我需要在
This is where the difficulty arises. The former library does exactly what I want, as evidenced by the second link in the first paragraph above - and the fact I have it doing it myself. HOWEVER... although the second library has been updated to support OAuth 2.0 in addition to OAuth 1.0 and the other older auth techniques, it does not - as far as I can tell from extensive Googling and trail-and-error - allow the "service account on behalf of all my users" operation which I need.
我的问题是我想的东西(可能是很难找到或无证的东西),这将让我做我想做的。如果做不到这一点,有没有什么办法,我可以迫使这种行为,使这两个库运行并排?
My question is whether I'm missing something (possibly a hard to find or undocumented something) which would allow me to do what I want. Failing that, is there any way I could force this behaviour and make these two libraries operate side by side?
理想我很想具有 Google.GData.S preadsheets.S preadsheetsService 实例能够利用的<$的一些方法C $ C> Google.Apis.Authentication.Auth2Authenticator&LT; AssertionFlowClient&GT;我已经使用...不知何故实例。就是这样巫术可能吗?我是我缺少明显?
Ideally I would love some way of having the Google.GData.Spreadsheets.SpreadsheetsService instance be able to take advantage of the Google.Apis.Authentication.Auth2Authenticator<AssertionFlowClient> instance I'm already using... somehow. Is such witchcraft possible? I'm I missing the obvious?
如果做不到这一点,我很高兴做全OAuth2的断言流客户端舞再次,如果我必须这样做,以某种方式,旧库可以处理。
Failing that, I'm happy to do the whole OAuth2 "assertion flow client" dance again if I have to, in some way that the older library can handle.
帮助?
我已经考虑 - 并拒绝暂时 - 从头开始,写我自己的库来实现这一目标的选项。这是由于两个原因:
I have considered - and rejected for the time being - the option of starting from scratch and writing my own library to make this happen. This is for two reasons:
- 的gdata的库已经存在,并已开发了不少人可能比我聪明。我没有那么嚣张,我相信我可以做的更好。
- 在我不能确定的OAuth2与服务帐户的做法甚至支持/允许对这些旧的API。
这是另一种方法,我一直希望避免的,但可能要回落到根据这里的答案将是使用两方模式OAuth 1.0的这个部分。我想preFER不,因为该应用程序具有部分依赖于一个旧的身份验证方法,而其他部分做了漂亮的新方式只是觉得我错了。而且有那么多的多了去了错了...
An alternate approach which I've been hoping to avoid but may have to fall back to depending on the answers here will be to use 2-legged OAuth 1.0 for portions of this. I'd prefer not to, as having parts of the app rely on one old auth method whilst other parts do it the nice new way just feels wrong to me. And there's that much more to go wrong...
我已经考虑子类GDataRequestFactory和GDataRequest这样我就可以让我对自己的要求工厂有采取 Google.Apis.Authentication.Auth2Authenticator&LT的实例的可能性; AssertionFlowClient&GT; (当然, Google.Apis.Authentication.IAuthenticator 反正一个实例),它可以介入进行身份验证之前,它被称为请求。然而......在构造GDataRequest是内部的,它已经停止了我。
I have considered the possibility of subclassing GDataRequestFactory and GDataRequest so I can make my own request factory and have that take the instance of Google.Apis.Authentication.Auth2Authenticator<AssertionFlowClient> (well, an instance of Google.Apis.Authentication.IAuthenticator anyway) which could step in to authenticate the request just before it's called. However... the constructor for GDataRequest is internal, which has stopped me.
这真的这样看是不是注定的。
It's really looking like this isn't meant to be.
推荐答案
为了其他人过这个问题(目前,在接受的答案链接到该解决方案采用德precated code)的到来,这里是我如何解决它:
For the sake of other folks coming across this question (now that the solution linked to in the accepted answer uses deprecated code), here's how I solved it:
首先,在新的API土地(使用 Google.Apis.Auth 的NuGet包),通过设置 ServiceAccountCredential 下谷歌的<一href="https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth#service_account">Service帐户例如:
First, start in "new API" land (use the Google.Apis.Auth nuget package) by setting up a ServiceAccountCredential following Google's Service Account example:
//In the old api, this accessed the main api accounts' sheets, not anymore
//** Important ** share spreadsheets with the Service Account by inviting the "serviceAccountEmail" address to the sheet
string serviceAccountEmail = "12345697-abcdefghijklmnop@developer.gserviceaccount.com";
var certificate = new X509Certificate2(@"key.p12", "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { "https://spreadsheets.google.com/feeds", "https://docs.google.com/feeds" }
}.FromCertificate(certificate));
告诉凭证来请求访问令牌:
Tell the credential to request an Access Token:
credential.RequestAccessTokenAsync(System.Threading.CancellationToken.None).Wait();
现在是时候切换回旧的API土地(使用 Google.GData.S preadsheets 的NuGet包)。首先,构建取值preadsheetsService (类似于谷歌的<一href="https://developers.google.com/google-apps/s$p$padsheets/#retrieving_a_list_of_s$p$padsheets">example):
Now it's time to switch back to "old API" land (use the Google.GData.Spreadsheets nuget package). Start by constructing the SpreadsheetsService (similar to Google's example):
SpreadsheetsService service = new SpreadsheetsService("MySpreadsheetIntegration-v1");
要使用服务帐户认证,我们将创建一个实例 GDataRequestFactory 和设置自定义的批准头
To use Service Account authentication, we'll create an instance of the GDataRequestFactory and set a custom Authorization header:
var requestFactory = new GDataRequestFactory("My App User Agent");
requestFactory.CustomHeaders.Add(string.Format("Authorization: Bearer {0}", credential.Token.AccessToken));
最后,将取值preadsheetsService 的 RequestFactory 属性为这个新工厂:
Finally, set the SpreadsheetsService's RequestFactory property to this new factory:
service.RequestFactory = requestFactory;
和继续使用的取值preadsheetsService ,你会怎么验证使用任何其他技术了。 (提示:按邀请 serviceAccountEmail 地址到纸张份额US preadsheets与服务帐户)
And go ahead and use the SpreadsheetsService as you would had you authenticated using any other technique. (Tip: share spreadsheets with the Service Account by inviting the serviceAccountEmail address to the sheet)
这篇关于访问使用OAuth 2年长的GData的API(S preadsheet API)和服务帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
