0

所以我正在使用 google-api-ruby-client 制作一个谷歌分析应用程序,我想每次都使用特定用户登录,而不是每次都重定向到 oauth。我的问题是:有没有办法将该客户端的登录名/密码插入到代码中,这样当我使用该应用程序时,我不必授权任何东西?

这是进行autentication的代码:

class TokenPair
    attr_accessor :id
    attr_accessor :refresh_token
    attr_accessor :access_token
    attr_accessor :issued_at

    def initialize
      @@id ||= 1
      self.id = @@id
      @@id += 1
    end

    def self.get(id)
      @@els ||= {}
      tp = @@els.fetch(id, TokenPair.new)
      @@els[tp.id] = tp
    end

    def update_token!(object)
      self.refresh_token = object.refresh_token
      self.access_token = object.access_token
      #self.expires_in = object.expires_in
      self.issued_at = object.issued_at
    end

    def to_hash
      {
          refresh_token: refresh_token,
          access_token: access_token,
          #    expires_in: expires_in,
          issued_at: issued_at ? Time.at(issued_at) : ''
      }
    end
  end

  def logout
    reset_session
    redirect_to root_url
  end

  def logged_in?

    if session["token_id"]
      redirect_to profile_path
    end

  end


  def login

    logged_in?

  end

  def self.params
    @@params
  end

  def update_token
    @client = Google::APIClient.new
    @client.authorization.client_id = '209273986197.apps.googleusercontent.com'
    @client.authorization.client_secret = '6sCG5ynCiz9Ej07pwIm653TU'
    @client.authorization.scope = 'https://www.googleapis.com/auth/analytics.readonly'
    @client.authorization.redirect_uri = callback_url
    @client.authorization.code = params[:code] if params[:code]
    logger.debug session.inspect
    if session[:token_id]
      # Load the access token here if it's available
      token_pair = TokenPair.get(session[:token_id])
      @client.authorization.update_token!(token_pair.to_hash)
    end
    if @client.authorization.refresh_token && @client.authorization.expired?
      @client.authorization.fetch_access_token!
    end
    @analytics = @client.discovered_api('analytics', 'v3')
    unless @client.authorization.access_token || request.path_info =~ /^\/oauth2/
      redirect_to authorize_path
    end
  end


  def authorize
    redirect_to @client.authorization.authorization_uri.to_s, :status => 303
  end

  def callback
    begin
      @client.authorization.fetch_access_token!
      # Persist the token here
      token_pair = TokenPair.get(session[:token_id])
  token_pair.update_token!(@client.authorization)
  session[:token_id] = token_pair.id
  redirect_to profile_url
rescue ArgumentError
  redirect_to root_url
end
end

def get_web_properties
result = @client.execute(
    api_method: @analytics.management.profiles.list,
    parameters: {accountId: "~all", webPropertyId: "~all"}
#parameters: {accountId: "582717"}
)
result.data
end
4

1 回答 1

0

即使您的应用程序始终充当同一个用户,出于各种原因,OAuth 仍然是首选机制 - 更容易撤销访问,在妥协的情况下限制访问,不推荐使用客户端登录身份验证机制等。

默认情况下,客户端将请求离线访问,这使您可以无限期地刷新访问令牌,而不必每次都经过完整的 oauth 流程。您可以简单地对应用授权一次,保存刷新令牌,当它过期时,只需调用 fetch_access_token!再次。如果您使用的是最新版本的库,如果令牌过期,客户端将自动尝试刷新令牌,因此您需要注意的是刷新令牌的初始授权和存储。

于 2013-01-15T00:58:30.150 回答