c# - 如何授权服务帐户访问用户云端硬盘帐户?
问题描述
我正在尝试允许用户与我的网络应用程序共享文件,我的应用程序有一个服务帐户,并且它已成功使用 G Suite 进行配置。
但是,我无法使用以下代码对用户进行身份验证,例如 ServiceAccount 上的 johndoe@gmail.com 以访问他上传的文件:
ServiceAccountCredential serviceAccountCredential = GoogleCredential.FromFile("service_account_secret.json").CreateScoped(DriveServiceScope).CreateWithUser("john_doe@gmail.com").UnderlyingCredential as ServiceAccountCredential;
向 DriveService 发出请求时出现以下异常:
Google.Apis.Auth.OAuth2.Responses.TokenResponseException:'错误:“unauthorized_client”,描述:“客户端未经授权无法使用此方法检索访问令牌。”,Uri:“”'
johndoe@gmail.com 需要做什么才能授权我的 ServiceAccount 访问他的文件?
解决方案
当您在 Google Developer 控制台上创建服务帐户时,您选择了错误的类型。不同类型的凭证的代码和凭证文件不同。
您可能创建了浏览器或本机应用程序凭据
这是.net的一些垃圾代码
/// <summary>
/// Authenticating to Google using a Service account
/// Documentation: https://developers.google.com/accounts/docs/OAuth2#serviceaccount
/// </summary>
/// <param name="serviceAccountEmail">From Google Developer console https://console.developers.google.com</param>
/// <param name="serviceAccountCredentialFilePath">Location of the .p12 or Json Service account key file downloaded from Google Developer console https://console.developers.google.com</param>
/// <returns>AnalyticsService used to make requests against the Analytics API</returns>
public static DriveService AuthenticateServiceAccount(string serviceAccountEmail, string serviceAccountCredentialFilePath, string[] scopes)
{
try
{
if (string.IsNullOrEmpty(serviceAccountCredentialFilePath))
throw new Exception("Path to the service account credentials file is required.");
if (!File.Exists(serviceAccountCredentialFilePath))
throw new Exception("The service account credentials file does not exist at: " + serviceAccountCredentialFilePath);
if (string.IsNullOrEmpty(serviceAccountEmail))
throw new Exception("ServiceAccountEmail is required.");
// For Json file
if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".json")
{
GoogleCredential credential;
using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential.FromStream(stream)
.CreateScoped(scopes);
}
// Create the Analytics service.
return new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Drive Service account Authentication Sample",
});
}
else if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".p12")
{ // If its a P12 file
var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes
}.FromCertificate(certificate));
// Create the Drive service.
return new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Drive Authentication Sample",
});
}
else
{
throw new Exception("Unsupported Service accounts credentials.");
}
}
catch (Exception ex)
{
throw new Exception("CreateServiceAccountDriveFailed", ex);
}
}
}
}
推荐阅读
- javascript - 表单字段中的切换图标
- typescript - 从 TypeScript 中的数据库枚举
- vba - .End(xlUp) 可以跳过 Excel 表格数据范围底部的空白行/单元格吗?
- delphi - 如何在 FireMonkey 中获得屏幕缩放?
- hive - 使用 UNION ALL 运行时,Hive 中的 COUNT(*) 查询表现不同
- vba - 在 Excel 中运行生成的脚本时出现“变量未定义”
- python - Mixer.blend() 模块无法正确创建引用自定义用户对象的实例,该对象使用 UUID 作为 PK
- r - 泛化用于自定义函数的 for 循环
- azure - 如何删除 Azure Databricks 资源组?
- twitter-bootstrap - 我正在使用引导程序,并且容器流体中的列垂直堆叠,而不是拉伸以水平填充所有空间