Rails中的plusDomains.circles.addPeople Google API产生403 Forbidden [英] Google API for plusDomains.circles.addPeople in Rails produces 403 Forbidden
问题描述
使用: Google API Ruby客户端
class GooglePlus
def self.follow_contact(contact,user = current_user)
plus = GooglePlus.plus_domains
GOOGLEPLUS。
授权(用户)。
执行api_method:plus.circles.add_people,
参数:{circleId:关注,userId:联系人}
结束
私人
def self.plus_domains
GooglePlus.client.discovered_api('plusDomains')
结束
def self.client
要求'google / api_client'
Google :: APIClient.new(
application_name:My Application,
application_version:1.0.0,
discovery_cache:ActiveSupport :: Cache :: Store
)
end
def self.authorized(user = current_user)
client = GooglePlus.client
client.authorization.client_id = Rails.application.secrets.google [:client_id ]
client.authorization.client_secret = Rails.application.secrets.google [:client_secret]
client.authorization.scope =%w ^ openid
profile
email
https://www.googleapis.com/auth/plus.circles.write
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/ auth / plus.login
https://www.google.com/m8/feeds^
client.authorization.grant_type ='refresh_token'
client.authorization.refresh_token = user.socials。
其中(kind:Social.kinds [:google_plus])。
select(&:verified?)。first.token_secret
client.authorization.fetch_access_token!
客户
结束
结束
我知道我的OAuth键具有正确的权限,因为我为'omniauth-google-oauth2'gem设置了此行:
google = Rails.application.secrets.google
Rails.application.config.middleware.use OmniAuth :: Builder do
provider:google_oauth2,google [:client_id],google [:client_secret], {
范围:%w ^ openid
个人资料
电子邮件
https://www.googleapis.com/auth/plus.circles.write
https:// www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.login
https://www.google.com/m8/feeds^.join (,),
access_type:离线,
提示:同意
}
结束
而且工作正常。一切看起来像它的工作,直到我执行 client.execute api_method:plus.circles.add_people,参数:{circleId:以下,userId:contact}
我回来了以下。
=> #< Google :: APIClient :: Result:0x000000093853e8
@ data =
#< Google :: APIClient :: Schema :: PlusDomains :: V1 :: Circle:0x49c79f4 DATA:{error => {errors=> [{domain=>global,reason=>forbidden,message=>Forbidden}] 403,message=>Forbidden}}> ;,
@ request =
#< Google :: APIClient :: Request:0x0000000943f978
@api_method =#< Google :: APIClient ::方法:0x3441238 ID:plusDomains.circles.addPeople> ;,
@ authenticated = nil,
@ authorization =
#< Signet :: OAuth2 :: Client:0x00000009450930
@access_token =...,
@ additional_parameters = {},
@ authorization_uri =
#<可寻址:: URI:0x4a2813c URI:https:// accounts。 google.com/o/oauth2/auth> ;,
@ client_id =
...,
@client_secret =...,
@ code = nil,
@ expires_in = 3600,
@ expiry = 60,
@ extension_parameters = {},
@ grant_type =refresh_token,
@id_toke n =
...,
@ issued_at = 2014-09-13 00:49:08 -0400,
@refresh_token =...,
@范围=
[openid,profile,email,
https://www.googleapis.com/auth/plus.circles.write,
https: //www.googleapis.com/auth/plus.me,
https://www.googleapis.com/auth/plus.login,
https://www.google。 com / m8 / feeds],
@ token_credential_uri =
#<可寻址:: URI:0x4a21e68 URI:https://accounts.google.com/o/oauth2/token>> ;,
@ body =,
@ headers =
{User-Agent=>
My Application / 1.0.0 google-api-ruby-client / 0.7.1 Linux / 3.13.0-32-generic \\\
(gzip),
Accept-Encoding=> ;gzip,
Content-Type=>},
@parameters = {circleId=>Following,usersId=>+ contact_name} >,
@ response =
#< Faraday :: Response:0x00000009386680
@ env =
#< struct Faraday :: Env
method =:put ,
body =
{\\\
\error \:{\\\
\errors \:[\\\
{\\\
\domain \ :\全球\,\\\\ \\ \\理由\:\禁止的\,\\ \\ \\消息\:\禁止的\\ } \\\
],\\\
\code\:403,\\\
\message \:\Forbidden \\\\
} \\\
} \\\
,
url =
#< URI :: HTTPS:0x00000009420370 URL:https://www.googleapis.com/plusDomains/v1/circles/Following/people?usersId =%2Bcontact_name> ;,
请求=
# params_encoder = Faraday :: FlatParamsEncoder,
proxy = nil,
ind = nil,
timeout = nil,
open_timeout = nil,
boundary = nil,
oauth = nil>,
request_headers =
{User-Agent=>
My Application / 1.0.0 google-api-ruby-client / 0.7.1 Linux / 3.13.0-32-generic \\\
(gzip),
Accept-Encoding=> ;gzip,
Content-Type=>,
Authorization=>
Bearer ...,
Cache-Control=>no-store},
ssl =
#< struct Faraday :: SSLOptions
verify = true,
ca_file =
/home/user/.rvm/gems/ruby-2.1.2/gems/google-api-client-0.7.1/lib/cacerts.pem ,
ca_path = nil,
verify_mode = nil,
cert_store = nil,
client_cert = nil,
client_key = nil,
certificate = nil,
private_key = nil,
verify_depth = nil,
version = nil> ;,
parallel_manager = nil,
params = nil,
response = nil,
response_headers =
{content-type=>application / json; charset = UTF-8,
date=>Sat,13 Sep 2014 05:01: 30 GMT,
expires=>Sat,13 Sep 2014 05:01:30 GMT,
cache-control=>private,max-age = 0,
x-content-type-options=>nosniff,
x-frame-options=>SAMEORIGIN,
x-xss-protection= > ;1; mode = block,
server=>GSE,
alternate-protocol=>443:quic,p = 0.002,
connection=> ;close,
transfer-encoding=>chunked},
status = 403>,
@on_complete_callbacks = []>>
我用' ... '编辑了密钥和私人信息,所以它不是真的告诉我什么不喜欢我的请求。帮助将不胜感激。
也许你有一个过期的标记。从文档:
4.刷新访问令牌(如有必要)。
访问令牌的生命周期有限,如果您的应用程序需要访问
给Google API在一个访问令牌的生命周期之外,它可以
获得一个刷新令牌。一个刷新令牌允许你的应用程序
获得新的访问令牌。
您是否尝试过从 omniauth auth hash ?
client.authorization .refresh_token = request.env [omniauth.auth] [credentials] [refresh_token]
HTH。
Using: Google API Ruby Client
class GooglePlus
def self.follow_contact(contact, user = current_user)
plus = GooglePlus.plus_domains
GooglePlus.
authorized(user).
execute api_method: plus.circles.add_people,
parameters: {circleId: "Following", userId: contact}
end
private
def self.plus_domains
GooglePlus.client.discovered_api('plusDomains')
end
def self.client
require 'google/api_client'
Google::APIClient.new(
application_name: "My Application",
application_version: "1.0.0",
discovery_cache: ActiveSupport::Cache::Store
)
end
def self.authorized(user = current_user)
client = GooglePlus.client
client.authorization.client_id = Rails.application.secrets.google[:client_id]
client.authorization.client_secret = Rails.application.secrets.google[:client_secret]
client.authorization.scope = %w^openid
profile
email
https://www.googleapis.com/auth/plus.circles.write
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.login
https://www.google.com/m8/feeds^
client.authorization.grant_type = 'refresh_token'
client.authorization.refresh_token = user.socials.
where(kind: Social.kinds[:google_plus]).
select(&:verified?).first.token_secret
client.authorization.fetch_access_token!
client
end
end
I know my OAuth key has the right permissions as I've set this line for my 'omniauth-google-oauth2' gem:
google = Rails.application.secrets.google
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, google[:client_id], google[:client_secret], {
scope: %w^openid
profile
email
https://www.googleapis.com/auth/plus.circles.write
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.login
https://www.google.com/m8/feeds^.join(","),
access_type: "offline",
prompt: "consent"
}
end
And that works fine. Everything looks like it works up until the point where I execute the client.execute api_method: plus.circles.add_people, parameters: {circleId: "Following", userId: contact}
I get back the following.
=> #<Google::APIClient::Result:0x000000093853e8
@data=
#<Google::APIClient::Schema::PlusDomains::V1::Circle:0x49c79f4 DATA:{"error"=>{"errors"=>[{"domain"=>"global", "reason"=>"forbidden", "message"=>"Forbidden"}], "code"=>403, "message"=>"Forbidden"}}>,
@request=
#<Google::APIClient::Request:0x0000000943f978
@api_method=#<Google::APIClient::Method:0x3441238 ID:plusDomains.circles.addPeople>,
@authenticated=nil,
@authorization=
#<Signet::OAuth2::Client:0x00000009450930
@access_token="...",
@additional_parameters={},
@authorization_uri=
#<Addressable::URI:0x4a2813c URI:https://accounts.google.com/o/oauth2/auth>,
@client_id=
"...",
@client_secret="...",
@code=nil,
@expires_in=3600,
@expiry=60,
@extension_parameters={},
@grant_type="refresh_token",
@id_token=
"...",
@issued_at=2014-09-13 00:49:08 -0400,
@refresh_token="...",
@scope=
["openid", "profile", "email",
"https://www.googleapis.com/auth/plus.circles.write",
"https://www.googleapis.com/auth/plus.me",
"https://www.googleapis.com/auth/plus.login",
"https://www.google.com/m8/feeds"],
@token_credential_uri=
#<Addressable::URI:0x4a21e68 URI:https://accounts.google.com/o/oauth2/token>>,
@body="",
@headers=
{"User-Agent"=>
"My Application/1.0.0 google-api-ruby-client/0.7.1 Linux/3.13.0-32-generic\n (gzip)",
"Accept-Encoding"=>"gzip",
"Content-Type"=>""},
@parameters={"circleId"=>"Following", "usersId"=>"+contact_name"}>,
@response=
#<Faraday::Response:0x00000009386680
@env=
#<struct Faraday::Env
method=:put,
body=
"{\n \"error\": {\n \"errors\": [\n {\n \"domain\": \"global\",\n \"reason\": \"forbidden\",\n \"message\": \"Forbidden\"\n }\n ],\n \"code\": 403,\n \"message\": \"Forbidden\"\n }\n}\n",
url=
#<URI::HTTPS:0x00000009420370 URL:https://www.googleapis.com/plusDomains/v1/circles/Following/people?usersId=%2Bcontact_name>,
request=
#<struct Faraday::RequestOptions
params_encoder=Faraday::FlatParamsEncoder,
proxy=nil,
bind=nil,
timeout=nil,
open_timeout=nil,
boundary=nil,
oauth=nil>,
request_headers=
{"User-Agent"=>
"My Application/1.0.0 google-api-ruby-client/0.7.1 Linux/3.13.0-32-generic\n (gzip)",
"Accept-Encoding"=>"gzip",
"Content-Type"=>"",
"Authorization"=>
"Bearer ...",
"Cache-Control"=>"no-store"},
ssl=
#<struct Faraday::SSLOptions
verify=true,
ca_file=
"/home/user/.rvm/gems/ruby-2.1.2/gems/google-api-client-0.7.1/lib/cacerts.pem",
ca_path=nil,
verify_mode=nil,
cert_store=nil,
client_cert=nil,
client_key=nil,
certificate=nil,
private_key=nil,
verify_depth=nil,
version=nil>,
parallel_manager=nil,
params=nil,
response=nil,
response_headers=
{"content-type"=>"application/json; charset=UTF-8",
"date"=>"Sat, 13 Sep 2014 05:01:30 GMT",
"expires"=>"Sat, 13 Sep 2014 05:01:30 GMT",
"cache-control"=>"private, max-age=0",
"x-content-type-options"=>"nosniff",
"x-frame-options"=>"SAMEORIGIN",
"x-xss-protection"=>"1; mode=block",
"server"=>"GSE",
"alternate-protocol"=>"443:quic,p=0.002",
"connection"=>"close",
"transfer-encoding"=>"chunked"},
status=403>,
@on_complete_callbacks=[]>>
I've edited out keys and private information with a '...'. So it's not really telling me what it didn't like about my request. Help would be appreciated.
Maybe you have an expired token. From the docs:
4. Refresh the access token, if necessary.
Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.
Have you tried setting the refresh token from the omniauth auth hash?
client.authorization.refresh_token = request.env["omniauth.auth"]["credentials"]["refresh_token"]
HTH.
这篇关于Rails中的plusDomains.circles.addPeople Google API产生403 Forbidden的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!