OAuth 2.0使用Google Client for JavaScript,获取权限被拒绝 [英] OAuth 2.0 using Google Client for JavaScript, getting permission denied
问题描述
使用JavaScript API的Google API客户端库(akagapi),我使用以下代码。
var project_id ='***';
var client_id ='***';
var config = {
'client_id':client_id,$ b $'scope':'https://www.googleapis.com/auth/bigquery',
'immediate':真
};
函数auth(){
gapi.client.setApiKey('***');
gapi.auth.authorize(config,function(){
gapi.client.load(bigquery,v2);
});
}
这可以正常工作,直到我尝试使用不同的Gmail帐户我用BigQuery项目打开的那个。 我得到了拒绝权限错误。
该网页在线托管,凭据已设置为重定向URI为空,且JavaScript起源设置为我想要的2个网站人们有权访问。
我错过了什么?我只希望每个拥有gmail账户的人都能够使用我的脚本,从我已经访问过的那两个网站:($ / b $ b
许可被拒绝的错误可能是因为您正在测试的Google帐户不是您的BigQuery项目的成员(具有角色:READER)。
这里有两个级别的授权:
(1)数据集例如:当前用户是否允许读取/更新此数据集中的表?
(2)项目例如:谁的免费/收费配额将被查询作业占用?
第一个问题很容易解决 - 您可以通过share分配特殊组authenticated users来公开数据集数据集菜单。
第二个更棘手 - 您无法将世界添加到您的项目中,并具有读者角色。
$ b $因此,您无法(直接)将查询访问权限展示给网络。
您有几个备选方案:
(1)如果你(2)您可以要求用户提供他们自己的BigQuery项目。(2)您可以要求用户提供他们自己的BigQuery项目用于计费目的。
这两者都不能提供您可能想要的无缝体验,因此您可以考虑更多参与的选项: (3)您可以设置一个前端服务,认证为您的账户(或更好 - 服务账户[1])。 Google AppEngine使这非常简单,但您可以在大多数主机环境中使用它。
-
[ 1] https://cloud.google.com/bigquery/authorization#service-accounts
Hokay, here's the deal. I'm trying to show very basic functionality of combining BigQuery and Maps API. So, obviously I need OAuth 2.0. Using Google API Client Library for JavaScript (aka "gapi"), I'm using the following code.
var project_id = '***';
var client_id = '***';
var config = {
'client_id': client_id,
'scope': 'https://www.googleapis.com/auth/bigquery',
'immediate': true
};
function auth() {
gapi.client.setApiKey('***');
gapi.auth.authorize(config, function() {
gapi.client.load("bigquery", "v2");
});
}
This works fine and all, until I try to use a different Gmail account then the one I opened the BigQuery project with. I get a "permission denied" error. The page is hosted online, the credentials have been set so that Redirect URIs is empty, and the JavaScript origins is set to the 2 websites I want people to have access from.
What am I missing? I just want everyone with a gmail account to be able to use my script, from those 2 websites I've given access to :(
The permission denied error is likely because the Google account you are testing with isn't a member of your BigQuery project (with role: READER).
There are two levels of authorization in play here: (1) Dataset. Eg: is the current user allowed to read/update tables within this dataset? (2) Project. Eg: who's free/billed quota will be consumed by the query job?
The first one is easy to address -- you can make a dataset public by assigning the special group "authenticated users" via the "share dataset" menu.
The second is more tricky -- you cannot add the world to your project with a reader role.
So, you can't (directly) expose query access to the web.
You have a few alternative options:
(1) If you only want to share this site with a small number of users, you could add them to your project individually.
(2) You could require users to provide their own BigQuery project for billing purposes.
Neither of those provide the seamless experience you probably want, so you could consider a more involved option:
(3) You could set up a front-end service that authenticates as your account (or better -- a service account[1]). Google AppEngine makes this pretty easy, but you can do it with most hosting environments.
--
[1] https://cloud.google.com/bigquery/authorization#service-accounts
这篇关于OAuth 2.0使用Google Client for JavaScript,获取权限被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
