java - 使用服务帐户而不是 O Auth Client ID 设置的 Gmail API
问题描述
我注意到 Google Storage 使用类似于创建凭据的方式来启动服务。什么是 Gmail 等价物?我不想制作 O Auth 客户端 ID。我附在使用 O Auth 客户端 ID 的 Gmail 快速入门指南下方。
我也尝试过查看文档,但在 O Auth Client ID 之外找不到任何内容。如果有人能指出我正确的方向,我正在尝试使用服务帐户构建一个更安全的应用程序。
Credentials credentials = GoogleCredentials.fromStream(new FileInputStream(SERVICE_ACCOUNT_JSON_PATH));
this.storage = StorageOptions.newBuilder().setCredentials(credentials)
.build().getService();
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.extensions.java6.auth.oauth2.AuthorizationCodeInstalledApp;
import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.store.FileDataStoreFactory;
import com.google.api.services.gmail.Gmail;
import com.google.api.services.gmail.GmailScopes;
import com.google.api.services.gmail.model.Label;
import com.google.api.services.gmail.model.ListLabelsResponse;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.List;
public class GmailQuickstart {
private static final String APPLICATION_NAME = "Gmail API Java Quickstart";
private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
private static final String TOKENS_DIRECTORY_PATH = "tokens";
/**
* Global instance of the scopes required by this quickstart.
* If modifying these scopes, delete your previously saved tokens/ folder.
*/
private static final List<String> SCOPES = Collections.singletonList(GmailScopes.GMAIL_LABELS);
private static final String CREDENTIALS_FILE_PATH = "/credentials.json";
/**
* Creates an authorized Credential object.
* @param HTTP_TRANSPORT The network HTTP Transport.
* @return An authorized Credential object.
* @throws IOException If the credentials.json file cannot be found.
*/
private static Credential getCredentials(final NetHttpTransport HTTP_TRANSPORT) throws IOException {
// Load client secrets.
InputStream in = GmailQuickstart.class.getResourceAsStream(CREDENTIALS_FILE_PATH);
if (in == null) {
throw new FileNotFoundException("Resource not found: " + CREDENTIALS_FILE_PATH);
}
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(new FileDataStoreFactory(new java.io.File(TOKENS_DIRECTORY_PATH)))
.setAccessType("offline")
.build();
LocalServerReceiver receiver = new LocalServerReceiver.Builder().setPort(8888).build();
return new AuthorizationCodeInstalledApp(flow, receiver).authorize("user");
}
public static void main(String... args) throws IOException, GeneralSecurityException {
// Build a new authorized API client service.
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
Gmail service = new Gmail.Builder(HTTP_TRANSPORT, JSON_FACTORY, getCredentials(HTTP_TRANSPORT))
.setApplicationName(APPLICATION_NAME)
.build();
// Print the labels in the user's account.
String user = "me";
ListLabelsResponse listResponse = service.users().labels().list(user).execute();
List<Label> labels = listResponse.getLabels();
if (labels.isEmpty()) {
System.out.println("No labels found.");
} else {
System.out.println("Labels:");
for (Label label : labels) {
System.out.printf("- %s\n", label.getName());
}
}
}
}
解决方案
为了使用服务帐户凭据,您必须调整您的代码才能使用它们,类似于:
private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
private static final String SERVICE_ACCOUNT_ID = "SERVICE_ACCOUNT_ID";
private static final String APPLICATION_NAME = "Gmail API Java Quickstart";
PrivateKey key = (PrivateKey)keystore.getKey(KEY.toCharArray());
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_ID)
.setServiceAccountScopes(SCOPES)
.setServiceAccountPrivateKey(key)
.setServiceAccountEmail("SERVICE_ACCOUNT_ID")
.build();
Gmail service = new Gmail.Builder(httpTransport, JSON_FACTORY, credentials)
.setApplicationName(APPLICATION_NAME).build();
但是,请记住,创建服务帐户是不够的- 您还必须通过模拟域中的其他用户来委派权限。
至于文档,此处的这份详尽指南可能对您的用例有所帮助。
参考
推荐阅读
- python - Python mypy 检查 TypeVar(bound=Union[A, B]) 的返回类型不会出错 vs TypeVar(A, B) 会出错
- c - Scanf 没有在 while 循环中被拾取
- kubernetes - 为每个用户授予特定命名空间的权限
- javascript - 在 Google Sheets 中制作自定义函数,代码在工作表之外工作,但不在工作表中
- python - 来自列和其他列的 Pandas countifs 值不为空
- c - 为什么我们不能打印从 0 到 31 的 ASCII 值?
- node.js - Angular HttpErrorResponse 401(未经授权)
- maven - 如何在 Netbeans 中为 JavaFX 11 项目修复“未找到主类”消息?
- python - 如何将 Big-O 表示法应用于此算法?
- python - 从用户那里获取输入然后在句子中使用它