我如何在没有默认凭证文件的情况下授权Google服务帐户? [英] How can I authorize a Google Service Account without the default credentials file?
问题描述
我有 Google服务帐户,这是我的应用程序用于从Google Analytics检索数据。
当我创建帐户时,我下载了一个 client_secrets
文件,其中包含通过OAuth进行授权的所有必要信息,按照 的环境变量记录了此文件的路径。 GOOGLE_APPLICATION_CREDENTIALS
凭证#whentouserel =noreferrer> Google的文档。
我现在可以获得一个经过身份验证的客户端,如下所示:
授权= Google :: Auth.get_application_default(范围)
这个方法从文件中读取证书,这个文件在本地工作,但是我的应用程序托管在Heroku上,文件存储是不可能的。
文档说明我可以提供此文件(不能) ,在官方Googl上运行我的应用程序e服务(不会),或遇到错误。
如何在没有 client_secrets
file?
我在源代码 google-auth-library-ruby
gem。
事实证明,还有另一种选择:从 client_secrets
文件中取值并将它们放入环境变量名为 GOOGLE_ACCOUNT_TYPE
, GOOGLE_CLIENT_ID
, GOOGLE_CLIENT_EMAIL
和 GOOGLE_PRIVATE_KEY
。
如果填充了这些密钥,凭据将从那里加载。尽管如此,在文档中并没有这样说。
I have a Google Service Account that my app uses to retrieve data from Google Analytics.
When I created the account I downloaded a client_secrets
file with all the necessary information for authorization via OAuth, and I recorded the path to this file in an environment variable called GOOGLE_APPLICATION_CREDENTIALS
as per Google's documentation.
I can now get an authenticated client like this:
authorization = Google::Auth.get_application_default(scopes)
This method reads the credentials out of the file, which works locally, but my app is hosted on Heroku where file storage is impossible.
The documentation states that I can either provide this file (can’t), run my app on an official Google Service (won’t), or experience an error.
How can I authenticate my service account without the client_secrets
file?
I found the answer in the source code of the google-auth-library-ruby
gem.
It turns out that there is another option: take the values from the client_secrets
file and put them in environment variables named GOOGLE_ACCOUNT_TYPE
, GOOGLE_CLIENT_ID
, GOOGLE_CLIENT_EMAIL
and GOOGLE_PRIVATE_KEY
respectively.
If these keys are populated, the credentials will load from there. Not a whisper of this in the docs, though.
这篇关于我如何在没有默认凭证文件的情况下授权Google服务帐户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!