通过OAuth 2.0和私人密钥aka服务帐户访问Google Contacts API [英] Accessing Google Contacts Api via OAuth 2.0 and private key aka Service Account
问题描述
我目前正在通过OAuth 2.0和一个所谓的服务帐户实施对Google通讯录的访问。服务帐户是为My.Name@gmail.com等普通用户生成的。
生成OAuth 2.0凭据的代码为:
public static GoogleCredential getCredentials()抛出GeneralSecurityException,IOException {
GoogleCredential凭证=新的GoogleCredential.Builder()。setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SingleUserCredentials.SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(https://www.google.com/m8/feeds)
.setServiceAccountPrivateKeyFromP12File(new File (SingleUserCredentials.SERVICE_ACCOUNT_PKCS12_FILE_PATH))
.build();
credential.refreshToken();
返回凭证;
}
然后我尝试通过以下方式检索联系人:
ContactsService myService = new ContactsService(
myApp);
myService.setOAuth2Credentials(getCredentials());
网址feedUrl =新网址(https://www.google.com/m8/feeds/contacts/default/full);
Query myQuery = new Query(feedUrl);
ContactFeed resultFeed = myService.query(myQuery,ContactFeed.class);
//打印结果
for(ContactEntry entry:resultFeed.getEntries()){
System.out.println(entry.getName()。getFullName()。getValue ());
System.out.println(Updated on:+ entry.getUpdated()。toStringRfc822());
}
问题是我没有从我的帐户获取任何联系人。 Feed始终为空。没有错误。没有。
通过相同的方式访问Google Apps托管网域时,效果很好。
我想知道联系人Api在使用p12密钥文件和服务帐户时支持普通(aka @ gmail.com)帐户的OAuth 2.0。
我自己遇到了同样的问题。
我尝试了设置密钥时收到的电子邮件地址和域管理员的电子邮件地址。
当我使用密钥设置中的电子邮件时,我什么都没收到 - 没有警告,没有例外,也没有数据。 b
$ b
当我使用域管理员的电子邮件地址时,我收到一个异常:
com.google.api.client.auth.oauth2.TokenResponseException:400 OK
[java] {
[java]error:invalid_grant
[java]}
[java] 2013年2月5日下午5点16分48秒com.google.appengine.repackaged.org.apache.http.impl.client.DefaultRequestDirector handleResponse
[java]警告:身份验证错误:无法响应任何这些挑战:{}
[java] Feb 5,2013 5:16:48 PM com.google.apphosting.utils.jetty.JettyLogger警告
[java]警告:/
[ java] java.lang.NullPointerException:没有认证头信息
...
因此,我认为域管理员的电子邮件地址不是我所需要的。
接下来,我在搜索此页面之前搜索了一会儿:
我在里面看到了getServiceAccountUser()。该字段的描述为:
返回应用程序试图在服务帐户流程中模拟的用户的电子邮件地址,或者返回null或者如果不使用服务帐户流。
确实,有一个对应的setServiceAccountUser(String),它接受您使用服务帐户模拟用户的用户名(电子邮件地址)。
我将该字段设置为适当的值,然后我就可以继续操作了。
回想起来,感觉 - 如果我没有提供我尝试使用的帐户,则无法为该帐户取消联系。
I am currently implementing access to Google Contacts via OAuth 2.0 and a so called Service Account. The service account is generated for an ordinary user like "My.Name@gmail.com".
The code to generate the OAuth 2.0 credentials is:
public static GoogleCredential getCredentials() throws GeneralSecurityException, IOException {
GoogleCredential credential = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SingleUserCredentials.SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes("https://www.google.com/m8/feeds")
.setServiceAccountPrivateKeyFromP12File(new File(SingleUserCredentials.SERVICE_ACCOUNT_PKCS12_FILE_PATH))
.build();
credential.refreshToken();
return credential;
}
I am then trying to retrieve the contacts via:
ContactsService myService = new ContactsService(
"myApp");
myService.setOAuth2Credentials(getCredentials());
URL feedUrl = new URL("https://www.google.com/m8/feeds/contacts/default/full");
Query myQuery = new Query(feedUrl);
ContactFeed resultFeed = myService.query(myQuery, ContactFeed.class);
// Print the results
for (ContactEntry entry : resultFeed.getEntries()) {
System.out.println(entry.getName().getFullName().getValue());
System.out.println("Updated on: " + entry.getUpdated().toStringRfc822());
}
The problem is that I do not get any a single contact from my account. The feed is always empty. There is no error. Nothing.
When accessing a Google Apps managed domain via the same approach it works nicely.
I am wondering if the Contacts Api supports OAuth 2.0 for ordinary (aka @gmail.com) accounts when using a p12 key file and a service account.
I ran into that same problem myself.
I tried both the email address that I received when I setup the key and the email address of a domain administrator.
When I use the email from the key setup, I don't receive anything at all -- no warnings, no exceptions, and no data.
When I use the email address of a domain administrator, I receive an exception:
com.google.api.client.auth.oauth2.TokenResponseException: 400 OK
[java] {
[java] "error" : "invalid_grant"
[java] }
[java] Feb 5, 2013 5:16:48 PM com.google.appengine.repackaged.org.apache.http.impl.client.DefaultRequestDirector handleResponse
[java] WARNING: Authentication error: Unable to respond to any of these challenges: {}
[java] Feb 5, 2013 5:16:48 PM com.google.apphosting.utils.jetty.JettyLogger warn
[java] WARNING: /
[java] java.lang.NullPointerException: No authentication header information
...
So, I figured that the domain administrator's email address wasn't what I needed.
Next, I Googled around for a while before finding this page:
I saw in there getServiceAccountUser (). The description of the field was:
Returns the email address of the user the application is trying to impersonate in the service account flow or null for none or if not using the service account flow.
Sure enough, there's a corresponding setServiceAccountUser (String) which accepts the username (email address) of the user you're using the service account to impersonate.
I set that field to an appropriate value and I was able to proceed.
In retrospect, it all makes sense -- if I don't supply an account that I'm trying to work from, I can't pull down the contacts for that account.
这篇关于通过OAuth 2.0和私人密钥aka服务帐户访问Google Contacts API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
