Google API OAuth2,服务帐户,“error”:“invalid_grant”
我试图使用服务帐户同步日历从Dynamics CRM软件到谷歌。在此期间,我面临着缺乏关于google API for.NET的文档,尤其是关于授权的文档。由于使用了过时的库和类,大多数Google示例甚至无法编译。
所以我发现了一些关于实习和接收错误的例子。谁能看看我的样品,告诉我哪里做错了?
准备步骤:
- 我在我的私人Google帐户中创建了一个项目。
- 在project developer控制台的APIS&auth->Credentials下,我生成了服务帐户。然后点击“生成P12键”并下载。P12文件。
- 在APIS&auth->APIS下,打开“日历api”
然后创建控制台应用程序,并设法安装OAuth和Calendar nuget包。有:
- Google API Auth客户端库,Google.APIs.Auth 1.8.1
- Google API客户端库,Google.APIs 1.8.1
- Google API核心客户端库,ID:google.APIs.Core 1.8.1
- google.apis.calendar.v3客户端库,google.apis.calendar.v3 1.8.1.860
找到了一个代码,并根据我的需要进行了调整:
using System;
using System.Security.Cryptography.X509Certificates;
using Google.Apis.Calendar.v3;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
namespace CrmToGoogleCalendar
{
class Program
{
static void Connect()
{
var certificate = new X509Certificate2("My Project-ee7facaa2bb1.p12", "notasecret", X509KeyStorageFlags.Exportable);
var serviceAccountEmail = "506310960175-q2k8hjl141bml57ikufinsh6n8qiu93b@developer.gserviceaccount.com";
var userAccountEmail = "<my email>@gmail.com";
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
User = userAccountEmail,
Scopes = new[] { CalendarService.Scope.Calendar }
}
.FromCertificate(certificate));
var service = new CalendarService(new BaseClientService.Initializer()
{
ApplicationName = "Test calendar sync app",
HttpClientInitializer = credential
});
var calList = service.CalendarList.List().Execute().Items;
foreach (var cal in calList)
{
Console.WriteLine(cal.Id);
}
}
static void Main(string[] args)
{
Connect();
}
}
}
我在应用程序和Fiddler中看到的与Google API的通信是:
请求:
主机:HTTPS accounts.google.com,URL://oauth2/token
断言:长二进制字符串
grant_type:urn:ietf:params:oauth:grant-type:jwt-bearer
回应:
HTTP/1.1 400坏请求内容-类型:应用程序/JSON缓存-控制:无缓存,无存储,max-age=0,必须重新验证杂注:无缓存过期:1990年1月1日星期五00:00:00 GMT日期:Thu,2014年7月24日06:12:18 GMT x-内容-类型-选项:nosniff x-帧-选项:SAMEORIGIN x-xss-保护:1;mode=block server:GSE备用-协议:443:QUIC传输-编码:分块
1F{“error”:“invalid_grant”}0
请帮忙并提前致谢!
共有1个答案
经过一些调查,我发现谷歌API并不像你的个人帐户@gmail.com所期望的那样工作。您应该在Google中有组织域帐户,格式为You@your_organisation_domain
然后,同样令人困惑的是,Google Drive API页面上有文档,“将域范围的权限委托给您的服务帐户”部分在Calendar API页面上没有提到。这一节有7个步骤,是必须做的。
顺便说一句,个人账户管理网站admin.google.com甚至不可用。所以用@gmail.com帐户执行这7个步骤是不可能的。
然后,当客户端在谷歌应用程序管理控制台>安全>高级设置>管理OAuth客户端访问中获得授权时,代码开始工作。
有一个代码适用于我:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Google.Apis.Calendar.v3;
using Google.Apis.Calendar.v3.Data;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
namespace CrmToGoogleCalendar
{
class Program
{
static void Connect()
{
Console.WriteLine("Calendar via OAuth2 Service Account Sample");
var certificate = new X509Certificate2("My MC Project-3f38defdf4e4.p12", "notasecret", X509KeyStorageFlags.Exportable);
var serviceAccountEmail = "795039984093-c6ab1mknpediih2eo9cb70mc9jpu9h03@developer.gserviceaccount.com";
var userAccountEmail = "me@testdomain.com";
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
User = userAccountEmail,
Scopes = new[] { CalendarService.Scope.Calendar }
}
.FromCertificate(certificate));
var service = new CalendarService(new BaseClientService.Initializer()
{
ApplicationName = "Test calendar sync app",
HttpClientInitializer = credential
});
/* Get list of calendars */
var calList = service.CalendarList.List().Execute().Items;
var myCalendar = calList.First(@c => @c.Id == userAccountEmail);
/* CREATE EVENT */
var event1 = new Event()
{
Kind = "calendar#event",
Summary = "Calendar event via API",
Description = "Programmatically created",
Status = "confirmed",
Organizer = new Event.OrganizerData() {
Email = userAccountEmail
},
Start = new EventDateTime()
{
DateTime = DateTime.Now.AddDays(1)
},
End = new EventDateTime()
{
DateTime = DateTime.Now.AddDays(1).AddHours(1)
},
ColorId = "6",
Reminders = new Event.RemindersData()
{
UseDefault = false,
Overrides = new List<EventReminder>(
new [] {
new EventReminder()
{
Method = "popup",
Minutes = 60
}
})
}
};
event1 = service.Events.Insert(event1, myCalendar.Id).Execute();
Console.WriteLine("Created event Id: {0}", event1.Id);
/* ENLIST EVENTS */
Console.WriteLine("calendar id={0}", myCalendar.Id);
var events = service.Events.List(myCalendar.Id).Execute();
foreach (var @event in events.Items)
{
Console.WriteLine("Event ID: {0}, ICalUID: {1}", @event.Id, @event.ICalUID);
Console.WriteLine(" Name: {0}", @event.Summary);
Console.WriteLine(" Description: {0}", @event.Description);
Console.WriteLine(" Status: {0}", @event.Status);
Console.WriteLine(" Color: {0}", @event.ColorId);
Console.WriteLine(" Attendees: {0}", @event.Attendees == null ? "" : @event.Attendees.Select(a => a.Email).ToString());
Console.WriteLine(" Kind: {0}", @event.Kind);
Console.WriteLine(" Location: {0}", @event.Location);
Console.WriteLine(" Organizer: {0}", @event.Organizer.Email);
Console.WriteLine(" Recurrence: {0}", @event.Recurrence == null ? "no recurrence" : String.Join(",", @event.Recurrence));
Console.WriteLine(" Start: {0}", @event.Start.DateTime == null ? @event.Start.Date : @event.Start.DateTime.ToString());
Console.WriteLine(" End: {0}", @event.End.DateTime == null ? @event.End.Date : @event.End.DateTime.ToString());
Console.WriteLine(" Reminders: {0}", @event.Reminders.UseDefault.Value ? "Default" : "Not defailt, " +
(@event.Reminders.Overrides == null ? "no overrides" : String.Join(",", @event.Reminders.Overrides.Select(reminder => reminder.Method + ":" + reminder.Minutes)))
);
Console.WriteLine("=====================");
}
Console.ReadKey();
}
static void Main(string[] args)
{
Connect();
}
}
}
产生的输出看起来如下:
Calendar via OAuth2 Service Account Sample
Created event Id: jkits4dnpq6oflf99mfqf1kdo0
calendar id=me@testdomain.com
Event ID: 1logvocs77jierahutgv962sus, ICalUID: 1logvocs77jierahutgv962sus@google.com
Name: test event
Description: test description2
Status: confirmed
Color:
Attendees:
Kind: calendar#event
Location: location2
Organizer: me@testdomain.com
Recurrence: RRULE:FREQ=WEEKLY;BYDAY=TH
Start: 2014-07-31
End: 2014-08-01
Reminders: Not defailt, email:10,popup:10
=====================
Event ID: 1logvocs77jierahutgv962sus_20140814, ICalUID: 1logvocs77jierahutgv962sus@google.com
Name: test event updated
Description: test description2
Status: confirmed
Color:
Attendees:
Kind: calendar#event
Location: location2
Organizer: me@testdomain.com
Recurrence: no recurrence
Start: 2014-08-14
End: 2014-08-15
Reminders: Not defailt, email:10
=====================
Event ID: 974hqdhh8jhv5sdobkggmdvvd8, ICalUID: 974hqdhh8jhv5sdobkggmdvvd8@google.com
Name: One hour event
Description: test description
Status: confirmed
Color: 7
Attendees:
Kind: calendar#event
Location: Meeting Room Hire, Broadway, 255 The Bdwy, Broadway, NSW 2007, Australia
Organizer: me@testdomain.com
Recurrence: no recurrence
Start: 1/08/2014 10:00:00 AM
End: 1/08/2014 11:00:00 AM
Reminders: Default
=====================
Event ID: jkits4dnpq6oflf99mfqf1kdo0, ICalUID: jkits4dnpq6oflf99mfqf1kdo0@google.com
Name: Calendar event via API
Description: Programmatically created
Status: confirmed
Color: 6
Attendees:
Kind: calendar#event
Location:
Organizer: me@testdomain.com
Recurrence: no recurrence
Start: 2/08/2014 12:30:50 PM
End: 2/08/2014 1:30:50 PM
Reminders: Not defailt, popup:60
=====================
希望这能帮助其他人节约时间。
-
我正在尝试通过服务帐户(客户端电子邮件和p12证书)连接到google doubeclick api,使用python客户端库,如以下示例所示: http://code.google.com/p/google-api-python-client/source/browse/samples/service_account/tasks.py 它给我一个空access_token: 这有什么意义?我有没
-
我想用gmail API阅读我的gmail收件箱。我需要使用服务帐户,因为我的应用程序没有用户交互。我在请求时收到以下错误: 这是我的代码: 我做错了什么?有人能帮我吗? 当做
-
我正在使用谷歌服务帐户将MySQL备份从我们的网络服务器推送到谷歌云端硬盘,使用谷歌API PHP客户端脚本设置为cron作业。 我现在想在多个网络服务器上运行相同的脚本,我不知道如何正确配置服务号,应该吗? > 是否在所有服务器上使用相同的服务帐户和服务帐户密钥/凭据? 或者使用相同的服务帐户,但为每个服务器添加服务帐户密钥/凭据? 还是为每台服务器设置单独的服务帐户?
-
Googleapi版本:libs-sources/google-api-services-drive-v2-rev168-1.20.0-sources.jar java版本:“1.7.0_79”java(TM)SE运行时环境(build 1.7.0_79-B15)java HotSpot(TM)64位服务器VM(build 24.79-B02,混合模式) 还将下载的p12文件加载到\jdk1.7.
-
我开发了以下代码,用于自动执行我的一些实例的启动/停止任务,这些实例不需要一直运行,而是在特定范围内运行。 这是我的代码:https://github.com/maartinpii/gcp-shst 我按照谷歌云平台指南(参考:https://cloud.google.com/iam/docs/understanding-service-accounts https://cloud.google.
-
我目前正在研究Office 365 API。是否可以创建一个服务帐户,该帐户将代表应用程序而不是用户调用API? 谷歌有以下内容:https://developers.google.com/accounts/docs/OAuth2#serviceaccount 谢谢 感谢您回复我。是否可以使用API执行以下操作。我想这是我在另一个博客上读到的,但我只是想证实这一点。http://blogs.msd