使用google-api-java-client的双腿OAuth [英] 2-legged OAuth with google-api-java-client
问题描述
有人知道如何使用google-api-java-client的双腿OAuth吗?
我尝试访问Google Apps Provisioning API以获取特定域的用户列表。
以下操作不起作用
HttpTransport transport = GoogleTransport.create();
GoogleHeaders headers =(GoogleHeaders)transport.defaultHeaders;
headers.setApplicationName(APPLICATION_NAME);
headers.gdataVersion = GDATA_VERSION;
OAuthHmacSigner签名者=新OAuthHmacSigner();
signer.clientSharedSecret = CONSUMER_SECRET;
OAuthParameters oauthParameters = new OAuthParameters();
oauthParameters.version = OAUTH_VERSION;
oauthParameters.consumerKey = CONSUMER_KEY;
oauthParameters.signer =签名者;
oauthParameters.signRequestsUsingAuthorizationHeader(transport);
我得到com.google.api.client.http.HttpResponseException:401未知授权标题 。
标题看起来像这样
OAuth oauth_consumer_key =...,oauth_nonce =... ,oauth_signature =...,oauth_signature_method =HMAC-SHA1,oauth_timestamp =...,oauth_version =1.0
我也尝试过无法成功
GoogleOAuthDomainWideDelegation delegation = new GoogleOAuthDomainWideDelegation();
delegation.requestorId = REQUESTOR_ID;
delegation.signRequests(transport,oauthParameters);
有什么想法?
在此先感谢。
似乎代码没有问题。它实际上工作。
问题在于我们的Google Apps设置。
当您访问管理此域的OAuth密钥和机密页面( https://www.google.com/a/cpanel/YOUR-DOMAIN/SetupOAuth ),
并启用双方OAuth访问控制并选择
允许访问所有API,但它实际上并不允许访问所有API。
如果您在
( https://www.google.com/a/cpanel/YOUR-DOMAIN/ManageOauthClients ),
您会看到有例如:
YOR-DOMAIN / CONSUMER-KEY此客户端可以访问所有API
code> 看来这不包括Provisioning API。
只有在我们明确添加了Provisioning API后,代码才开始工作。
因此,要启用Provisioning API,您还应该在列表中包含以下内容:
YOR-DOMAIN / CONSUMER-KEY群组配置(只读)https://apps-apis.google.com/a/feeds/group/#readonly
用户配置(只读)https://apps-apis.google。 com / a / feeds / user /#readonly
其他人也有同样的问题:
http ://www.gnegg.ch/2010/06/google-apps-provisioning-two-legged-oauth/
Does anyone know how to use 2-legged OAuth with google-api-java-client? I'm trying to access the Google Apps Provisioning API to get the list of users for a particular domain.
The following does not work
HttpTransport transport = GoogleTransport.create();
GoogleHeaders headers = (GoogleHeaders) transport.defaultHeaders;
headers.setApplicationName(APPLICATION_NAME);
headers.gdataVersion = GDATA_VERSION;
OAuthHmacSigner signer = new OAuthHmacSigner();
signer.clientSharedSecret = CONSUMER_SECRET;
OAuthParameters oauthParameters = new OAuthParameters();
oauthParameters.version = OAUTH_VERSION;
oauthParameters.consumerKey = CONSUMER_KEY;
oauthParameters.signer = signer;
oauthParameters.signRequestsUsingAuthorizationHeader(transport);
I get the "com.google.api.client.http.HttpResponseException: 401 Unknown authorization header". The header looks something like this
OAuth oauth_consumer_key="...", oauth_nonce="...", oauth_signature="...", oauth_signature_method="HMAC-SHA1", oauth_timestamp="...", oauth_version="1.0"
I also tried following without success
GoogleOAuthDomainWideDelegation delegation = new GoogleOAuthDomainWideDelegation();
delegation.requestorId = REQUESTOR_ID;
delegation.signRequests(transport, oauthParameters);
Any ideas? Thanks in advance.
It seems that there was nothing wrong with the code. It actually works. The problem was with the our Google Apps setup.
When you visit the "Manage OAuth key and secret for this domain" page (https://www.google.com/a/cpanel/YOUR-DOMAIN/SetupOAuth), and enable "Two-legged OAuth access control" and select "Allow access to all APIs", it doesn't actually allow access to all APIs.
If you visit the "Manage API client access" page after that (https://www.google.com/a/cpanel/YOUR-DOMAIN/ManageOauthClients), you'll see that there is an entry like:
YOR-DOMAIN/CONSUMER-KEY "This client has access to all APIs"
It seems that this doesn't include Provisioning API. Only after we explicitly added the Provisioning API, the code started to work. So to enable Provisioning API, you should also have something like the following entry in your list:
YOR-DOMAIN/CONSUMER-KEY Groups Provisioning (Read only) https://apps-apis.google.com/a/feeds/group/#readonly
User Provisioning (Read only) https://apps-apis.google.com/a/feeds/user/#readonly
Somone else had the same problem:
http://www.gnegg.ch/2010/06/google-apps-provisioning-two-legged-oauth/
Sasa
这篇关于使用google-api-java-client的双腿OAuth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
