OAuth Google API for Java无法冒充用户
我想模仿用户并代表他们从服务器进程向用户Google Drive添加文件。 我已经设置了一个服务帐户,可以使用以下代码成功访问驱动器作为服务帐户添加和列出文件等:
/** Global instance of the HTTP transport. */ private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport(); /** Global instance of the JSON factory. */ private static final JsonFactory JSON_FACTORY = new JacksonFactory(); public static void main(String[] args) { try { GoogleCredential credential = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT) .setJsonFactory(JSON_FACTORY) .setServiceAccountId("XXXXX@developer.gserviceaccount.com") .setServiceAccountScopes(DriveScopes.DRIVE) .setServiceAccountPrivateKeyFromP12File(new File("c:/junk/key.p12")) .build(); Drive drive = new Drive.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential).build(); drive.files().list().execute(); } catch (Exception e) { e.printStackTrace(); } 这有效,但只返回与我假设与服务帐户驱动器(?)相关联的文件。
根据JavaDoc,GoogleCredential还可以通过添加服务帐户用户电子邮件地址来模拟用户,如下所示:
GoogleCredential credential = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT) .setJsonFactory(JSON_FACTORY) .setServiceAccountId("XXXXX@developer.gserviceaccount.com") .setServiceAccountScopes(DriveScopes.DRIVE) .setServiceAccountPrivateKeyFromP12File(new File("c:/junk/key.p12")) .setServiceAccountUser("usera@domain.com") //<-- impersonate user a .build();
但是,执行此代码时,会引发以下exception:
com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request { "error" : "access_denied" } at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:103) at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:303) at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:323) at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:340) at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:508) at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:260) at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:796) at com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:198) at com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:237) at com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:207) at com.google.api.services.drive.Drive$Files$List.execute(Drive.java:1071)
我错过了步骤或配置设置吗?
谢谢,大卫
我发现了类似的问题: Google Apps管理员可以使用云端硬盘SDK管理用户文件吗? 对我来说,这帮助我找到了答案。
cPanel文档有点误导,因为它指的是启用使用者密钥,然后将域添加到Manage API客户端访问屏幕。 这似乎对gdata api有效,而不是新的Google Drive api。 通过添加其他问题中建议的客户端ID并授予对Drive范围的访问权限,我现在可以模拟用户。
让您的管理员通过管理面板将范围添加到xxxxx.apps.googleusercontent.com:
我添加了以下内容来处理电子表格:
https://www.googleapis.com/auth/drive
https://docs.google.com/feeds
https://spreadsheets.google.com/feeds
