Ruby中的Google Apps API和服务帐户出现问题 [英] Trouble with Google Apps API and Service Accounts in Ruby
问题描述
我在获取用于实例化云端硬盘服务帐户的示例代码时遇到了一些问题。我已按照指示在API控制台中设置了服务帐户,并在 https:// www.googleapis.com/auth/drive ,但运行此命令会产生以下错误:授权失败。服务器消息:(Signet :: AuthorizationError)。
奇怪的是,如果我省略user_email地址,它不会产生错误。
我的目标是能够对所有存储在该组织的云端硬盘,我的理解是使用服务帐户可以获取所有存储文件的列表。
我是否错过了某些特殊设置服务器端为此?
require'google / api_client'
##服务帐户的电子邮件#
SERVICE_ACCOUNT_EMAIL ='<服务帐户电子邮件> @ developer.gserviceaccount.com'
##服务帐户的私钥文件的路径#
S ERVICE_ACCOUNT_PKCS12_FILE_PATH ='<私钥文件> -privatekey.p12'
def build_client(user_email)
key = Google :: APIClient :: PKCS12.load_key(SERVICE_ACCOUNT_PKCS12_FILE_PATH,'notasecret')
asserter = Google :: APIClient :: JWTAsserter.new(SERVICE_ACCOUNT_EMAIL,'https://www.googleapis.com/auth/drive',键)
client = Google :: APIClient.new
client.authorization = asserter.authorize(user_email)
返回客户端
结束
客户端= build_client(<用户电子邮件地址>)
这对我来说就像您使用的是较旧的示例。我想这就是大约一年前你曾经这么做的原因。早在2012年,设置应用程序的方法已被弃用,因为Signet已更新以处理OAuth2设置的所有方面。
以下是我通常用来创建的代码一个服务帐户。您可以调整它以适应您的方法。
client.authorization = Signet :: OAuth2 :: Client.new(
:token_credential_uri =>'https://accounts.google.com/o/oauth2/token',
:audience =>'https://accounts.google.com/o/oauth2/token ',
:scope =>https://www.googleapis.com/auth/drive,
:issuer =><服务帐户电子邮件> @ developer.gserviceaccount.com ,
:signing_key => Google :: APIClient :: KeyUtils.load_from_pkcs12(< private key file> -privatekey.p12,notasecret),
:person =><用户电子邮件地址>)
client.authorization.fetch_access_token!
如果您仍有问题,请告诉我,我会看看我能否帮忙。
I'm having some trouble getting the sample code for instantiating a Drive Service Account working. I've set up the service account in the API console as directed and included the scope for the 'https://www.googleapis.com/auth/drive', but running this generates the following error: "Authorization failed. Server message: (Signet::AuthorizationError)".
Oddly, if I omit the user_email address it doesn't generate an error.
My objective is to be able to do an audit on all the files stored on the organization's Drive, and it's my understanding that using a service account would be the way to get a listing of all the files stored.
Have I missed some special setting on the server side for this?
require 'google/api_client'
## Email of the Service Account #
SERVICE_ACCOUNT_EMAIL = '<service account email>@developer.gserviceaccount.com'
## Path to the Service Account's Private Key file #
SERVICE_ACCOUNT_PKCS12_FILE_PATH = '<private key file>-privatekey.p12'
def build_client(user_email)
key = Google::APIClient::PKCS12.load_key(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'notasecret')
asserter = Google::APIClient::JWTAsserter.new(SERVICE_ACCOUNT_EMAIL, 'https://www.googleapis.com/auth/drive', key)
client = Google::APIClient.new
client.authorization = asserter.authorize(user_email)
return client
end
client = build_client("<users email address>")
This looks to me like you are using an older example. I think that's how you used to do it about a year ago. Back in late 2012 that method of setting up the app was deprecated because Signet was updated to handle all aspects of the OAuth2 setup.
Here is the code I generally use to create a service account. You can tweak it to fit into your method.
client.authorization = Signet::OAuth2::Client.new(
:token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
:audience => 'https://accounts.google.com/o/oauth2/token',
:scope => "https://www.googleapis.com/auth/drive",
:issuer => "<service account email>@developer.gserviceaccount.com",
:signing_key => Google::APIClient::KeyUtils.load_from_pkcs12("<private key file>-privatekey.p12", "notasecret"),
:person => "<users email address>")
client.authorization.fetch_access_token!
If you are still having issues let me know and I'll see if I can help.
这篇关于Ruby中的Google Apps API和服务帐户出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
