Google Calendar API v3 - 使用硬编码凭据进行身份验证 [英] Google Calendar API v3 - authenticate with hardcoded credentials

问题描述

我正在编写一个PHP应用程序，它应该允许用户将某些事件添加到私人Google日历。日历由我拥有，我需要一种方式让PHP使用固定凭证与日历API进行通信（每个人都可以使用网站上的表单添加事件，但日历本身并不是公开可见的）。

I am writing a PHP application that's supposed to allow users to add certain events to a private Google Calendar. The calendar is owned by me, and I need a way for PHP to communicate with the calendar API using fixed credentials (everyone can add events using a form on the website, but the calendar itself is not publicly visible).

根据我的阅读，这可以在v1 API中使用ClientLogin。但是，在v3 API中，可用选项是OAuth2.0或API密钥。使用API​​密钥似乎不起作用，因为它只能用于不需要授权的请求，并且OAuth也不太合适，因为用户不应该访问他们自己的日历，而是我自己的日历

From what I have read, this is possible using ClientLogin in the v1 API. In the v3 API, however, the available options are OAuth2.0 or the API key. Using the API key doesn't seem to work, since it can only be used for requests that don't require authorization, and OAuth doesn't seem right either, because users are not supposed to access their own calendars, but the one my application uses.

我考虑以编程方式获取OAuth令牌，但迟早会破坏，因为OAuth对话框可以使用captcha。

I thought about getting the OAuth token programatically, but that's bound to break sooner or later, since the OAuth dialog can use captchas.

这似乎是一个标准的用例 - 一个Web应用程序，它允许用户以某种预定义的方式与单个日历交互 - 但我找不到任何有关如何使其发生的文档v3 API。任何人都可以帮助我吗？

This seems to be such a standard use case — a web application that lets users interact with a single calendar in some predefined ways — yet I can't find any documentation on how to make it happen in the v3 API. Can anyone help me?

推荐答案

您需要同时使用开发人员密钥（API Key）和OAuth2。开发人员密钥验证谁编写了该软件，并用于诸如每个开发人员而不是每个用户的基础上的配额。 OAuth2用于用户身份验证，并且需要访问非公共日历。

You will need to use both the Developer Key (API Key) and OAuth2. The developer key authenticates who wrote the software and is used for things like quota which is on a per developer basis not a per user basis. OAuth2 is for user authentication and will be need to access the non-public calendar.

OAuth2有一个续订令牌，您可以从中生成会话令牌，这意味着您不需要屏幕刮取OAuth屏幕即可进行身份验证。为了得到这个，我会写一个小命令行应用程序，或者使用一个关闭的PHP页面。

OAuth2 has a renew token from which you can generate a session token and this means that you will not need to screen scrape the OAuth screens to get authenticated. To get this I would write a little command line application, or you use a one off PHP page.

1. 在 Google Api控制台转到API访问权限


2. 生成新的客户端ID并选择已安装的应用程序（因为您将以与您的用户不同的身份验证您的服务器）


3. 使用控制台应用程序或一个关闭的PHP页面使用OAuth和您的Google帐户进行身份验证您希望访问的日历）


4. 在身份验证返回时，应该有一个更新令牌（称为续订或刷新或类似的东西）。保存此字符串并将其提供给您的PHP站点。


5. 当您需要访问服务时，您的OAuth库应该具有续订/刷新呼叫。

1. Under the Google Api Console go to API Access
2. Generate a new Client ID and choose Installed Application ( as you will be authenticating you server as you not as your user)
3. Either using a console app or a one off PHP page authenticate using OAuth and your google account (the one with the calendar you want access to)
4. In the return from the authentication there should be a renew token, (called renew or refresh or something similar). Save this string and make it available to your PHP site.
5. When you need to access the service your OAuth library should have a renew/refresh call. There is an example using .Net below.

---

---

private IAuthorizationState CreateAuthorization(NativeApplicationClient arg)
 {
   // Get the auth URL:
   IAuthorizationState state = new AuthorizationState(new[] { AdsenseService.Scopes.AdsenseReadonly.GetStringValue() });
   state.Callback = new Uri(NativeApplicationClient.OutOfBandCallbackUrl);
   if (refreshToken.IsNotNullOrEmpty()) // refreshToken you stored in step 4
   {
     try
     {
       state.RefreshToken = refreshToken;
       if (arg.RefreshToken(state))     // This is calling out to the OAuth servers with the refresh token getting back a session token, returns true if successful.
       {
         if (state.RefreshToken != refreshToken) // if the refresh token has changed, save it.
         {
           PersistRefreshToken(authorization.RefreshToken);
         }
         return this.authorization = state; // Retain the authorization state, this is what will authenticate your calls.
       }
     }
     catch (ProtocolException ex) {...}

现在已更新的AuthorisationState可用于验证您对API的调用。这个状态可以被使用很多时间，直到它到期，然后可以刷新。由于您认证自己的应用程序不是用户，所以您的会话可以共享此AuthorisationState。当前的AuthorisationState和刷新令牌应该安全地保存在您的服务器上，并且永远不会发送给客户端，如果您曾经将这些作为响应的一部分发送出去，那么您的客户端将拥有与您的代码应用程序相同的权限。

The AuthorisationState that has now been renewed can then be used to authenticate call you make to the API. this state can be used many time until it expires and then can be refreshed. As you are authenticating your application as yourself not as a user this AuthorisationState can be shared by all you sessions. Both the current AuthorisationState and the refresh token should be kept securely on your server and never sent to the client, if you ever sent these as part of a response your clients would have the same privileges as your code application

这篇关于Google Calendar API v3 - 使用硬编码凭据进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！