使用服务帐户调用Java Google Drive API时无效的授权 [英] Invalid grant when calling Java Google Drive Api with Service Account
问题描述
确定!正如标题所述,我在使用服务帐户时遇到了一些认证问题。所以让我们从头开始,因为我觉得我已经尝试了所有的东西!
服务设置为开:
Drive SDK设置:
服务帐户Api访问权限:
此处:
Ok! As the title states I'm having some serious issues with the authentication when using a Service Account. So let's start from the beginning since it feels that I have tried everything!
Services set to on:
Drive SDK setup:
Service Account Api Access:
Api client access as described here: http://support.google.com/a/bin/answer.py?hl=en&answer=162106
The code:
public static void callSpreadsheetApi() {
GoogleCredential credential = null;
try {
credential = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("2363XXXXXX19.apps.googleusercontent.com")
.setServiceAccountScopes(DriveScopes.DRIVE, "https://spreadsheets.google.com/feeds", "https://docs.google.com/feeds")
.setServiceAccountPrivateKeyFromP12File(new File("/Users/stevesmith/Desktop/c02e064935d33c3389f6ab1dbf9ea747a5bdaac5-privatekey.p12"))
.setServiceAccountUser("steve.smith@reco.se")
.build();
} catch (GeneralSecurityException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
Drive drive = new Drive.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential).build();
com.google.api.services.drive.model.File file = new com.google.api.services.drive.model.File();
file.setTitle("test");
file.setMimeType("application/vnd.google-apps.spreadsheet");
Drive.Files.Insert insert = null;
try {
insert = drive.files().insert(file);
file = insert.execute();
} catch (IOException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}
}
The exception:
[info] play - Application started (Dev)
com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
"error" : "invalid_grant"
}
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:103)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:303)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:323)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:340)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:505)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:266)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:857)
at com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:182)
at com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:279)
at com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:207)
at com.google.api.services.drive.Drive$Files$Insert.executeUnparsed(Drive.java:307)
at com.google.api.services.drive.Drive$Files$Insert.execute(Drive.java:331)
at services.GoogleService.callSpreadsheetApi(GoogleService.java:236)
at controllers.Application.index(Application.java:26)
at Routes$$anonfun$routes$1$$anonfun$apply$1$$anonfun$apply$2.apply(routes_routing.scala:32)
at Routes$$anonfun$routes$1$$anonfun$apply$1$$anonfun$apply$2.apply(routes_routing.scala:32)
at play.core.Router$HandlerInvoker$$anon$5$$anon$1.invocation(Router.scala:1090)
at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:33)
at play.core.j.JavaAction$class.apply(JavaAction.scala:74)
at play.core.Router$HandlerInvoker$$anon$5$$anon$1.apply(Router.scala:1089)
at play.core.ActionInvoker$$anonfun$receive$1$$anonfun$6.apply(Invoker.scala:126)
at play.core.ActionInvoker$$anonfun$receive$1$$anonfun$6.apply(Invoker.scala:126)
at play.utils.Threads$.withContextClassLoader(Threads.scala:17)
at play.core.ActionInvoker$$anonfun$receive$1.apply(Invoker.scala:125)
at play.core.ActionInvoker$$anonfun$receive$1.apply(Invoker.scala:115)
at akka.actor.Actor$class.apply(Actor.scala:318)
at play.core.ActionInvoker.apply(Invoker.scala:113)
at akka.actor.ActorCell.invoke(ActorCell.scala:626)
at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:197)
at akka.dispatch.Mailbox.run(Mailbox.scala:179)
at akka.dispatch.ForkJoinExecutorConfigurator$MailboxExecutionTask.exec(AbstractDispatcher.scala:516)
at akka.jsr166y.ForkJoinTask.doExec(ForkJoinTask.java:259)
at akka.jsr166y.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:975)
at akka.jsr166y.ForkJoinPool.runWorker(ForkJoinPool.java:1479)
at akka.jsr166y.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:104)
I've been browsing the web for the past 3 hours and all of the PHP and Python folks seem to have solved it by setting the correct time on their linux production server. I'm sitting in MacOS Snow Leopard and I have tried with the time setting but no luck there. I have also tried to create a new key. Changing the scopes. Adding different ServiceAccountUsers and so on. I'm probably missing some crucial part or maybe it's supersimple? I'm running out of ideas!
Did you try the single scope:
.setServiceAccountScopes("https://www.googleapis.com/auth/drive")
and,
.setServiceAccountId("23636812XXXX.apps.googleusercontent.com")
should be
.setServiceAccountId("2363681XXXX@developer.gserviceaccount.com")
The other scopes are required for the Spreadsheets, they are not required (yet).
also, see this related question
这篇关于使用服务帐户调用Java Google Drive API时无效的授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!