Gmail上下文小工具（Gmail插件/扩展程序）：已弃用？不可能？怎么样？ （不能做OAuth 2.0） [英] Gmail Contextual Gadget (Gmail plugin/extension): Deprecated? Impossible? How? (Can't do OAuth 2.0)

问题描述

我们需要开发一个内部gmail扩展程序来处理传入的电子邮件，允许收件人与我们的内部软件进行交互。我一直在试图弄清楚如何在Gmail上下文小工具中使用OAuth 2.0，但我找不到任何具体的文档。当我使用contextual + google-oauth（Google推荐的关键字）搜索堆栈溢出时，我无法找到任何有用的内容。

在给我标准页之前，请确保它包含以下内容：

• 微不足道的是，使用OAuth 2.0的Gmail上下文小工具manifest.xml的示例

<理想情况下，解释如何在一个域（而不是市场）上部署它，所以我知道它实际上已经部署和安装了。例如，上下文小工具页面中的标准hello示例使用OpenID（openIdRealm），并在OAuth 2.0之前编写：







We need to develop an in-house gmail extension to process incoming emails, allow recipients to interact with our in-house software. I have been trying to figure out how to use OAuth 2.0 in Gmail Contextual Gadget, but I can't find any specific documentation for this. I couldn't find anything useful when I searched stack overflow with contextual + google-oauth (keyword recommended by Google).

Before you give me standard pages, please make sure it has this:

• Minimally, an example of Gmail contextual gadget manifest.xml that uses OAuth 2.0
• Ideally, with explanation of how to deploy it at a domain (not marketplace), so I know it actually was deployed & tested.

For example, the standard hello example in Contextual Gadgets page uses OpenID ("openIdRealm"), and was written before OAuth 2.0:

https://developers.google.com/gmail/contextual_gadgets

OpenID is NOT allowed in OAuth 2.0:

https://developers.google.com/apps-marketplace/practices#3_use_oauth20

Your application must not use OpenID or OAuth1.0. Any evidence of such usage will result in your application failing the review process.

Note that Contextual Gadgets are Client-Side Javascript apps, very different from web server apps and installed apps. So OAuth 2.0 should be used like this:

https://developers.google.com/accounts/docs/OAuth2#clientside https://developers.google.com/accounts/docs/OAuth2UserAgent

But contextual gadgets run in a container, which handles the first call of OAuth (google call, which calls back our website with tokens ...). Living on the client side, contextual gadgets "cannot keep secrets". our website (redirect page, https://example.com/oauth2callback) needs to save access token (and maybe refresh token) to the session that is accessible to our gadget code on the client side.

I would ideally not use SSO, which I see is only "needed for applications deployed on the marketplace". The alternative deployment is "for your domain", which uses Google Apps Extensions Console:

https://developers.google.com/google-apps/extensions-console/

But the extension console says, on top, "We are improving user experience, try the new Developers Console", which links to:

https://console.developers.google.com/?redirected=true

Developers Console:

• It shows the project that was created before in apps extensions console. I can click on it to open a large menu (aside, on the left)
• APIs & Auth / Credentials -- I created Client ID and secret for my app. Apparently, I must use Web Apps, not Service account or installed app, because I'm trying to access some user-private data (email access), not just a Google service, and I'm not a standalone installed app.

There is no place to report this client ID anywhere in the contextual gadget. Is it register-and-forget?

Also (a bug?), permissions shows my client ID under "Service Account" even though I did NOT create service account credentials.

And then this: I don't know how to deploy my contextual gadget (which is not a standalone app) on my domain from this new Developers Console. There only seems to be cloud-deployment-related options under overview and Compute tabs on the left.

When I try to deploy from the Apps Extensions Console (which supposedly is not deprecated, only is improved), I get this error:

Google Apps Marketplace    (I never deployed to marketplace, only my own domain)
Application installation not allowed.
The OAuth1.0 version is no longer available.
Instead, try installing the OAuth2.0 version.
[Return to dashboard]   (button)

What is more, return to dashboard button takes me to the Domain admin site which allows neither development nor deployment:

https://admin.google.com/mydomain.com/

By the way, the Apps Extensions Console never accesses the redirect page I have created, and never reads the gadget spec file on my site either (never accessed by google as promised), so error message must be saying the manifest.xml doesn't use OAuth 2.0... Or Apps Extensions Console doesn't use it itself and blames me for it!

So, Gmail Contextual App:

• Deprecated?
• Impossible now?
• Authorized with OAuth 2.0? How?

解决方案

The documentation for Google Contextual Gadgets is a bad joke- outdated and wrong, don't waste your time.

The answers here on SO got me closer, but I never actually got the thing working.

Luckily I ended up finding gmail.js, which allowed me to write a Chrome extension to do what I needed...

1- Download the Gmail Chrome Extension Boilerplate project, which is a Hello world example chrome extension using gmail.js.

2- Update the main function in the main.js file to something like this:

var main = function(){

    gmail = new Gmail();
    gmail.observe.on("open_email", function(id, url, body, xhr) {

        // Inject a toolbar:
        var $email_body = gmail.dom.email_body();
        $email_body.prepend('<div class="my_toolbar"><a>Do something</a></div>');
    });
}

That'll give you this:

这篇关于Gmail上下文小工具（Gmail插件/扩展程序）：已弃用？不可能？怎么样？ （不能做OAuth 2.0）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！