4

我正在使用适用于 PHP 的 Google 标准库来使用日历服务,并且我已经通过 Google API 控制台为 OAuth 2.0 身份验证设置了服务帐户类型。

我的主要目标是通过批量更新用户的谷歌日历(例如:user@organisationname.com)(当用户不在线时)。例如。更新用户日历中的事件。

当用户登录应用程序(使用 OAuth2.0)时,他/她将为应用程序提供“管理您的日历”、“查看您的日历”和“在我不使用应用程序时执行这些操作”的权限

以下代码用于使用 OAuth2.0 登录

<?php
require_once '../../src/Google_Client.php';
require_once '../../src/contrib/Google_CalendarService.php';
session_start();

$client = new Google_Client();
$client->setApplicationName("Google Calendar PHP Starter Application");


$client->setClientId('XXXXX-flue2a9o5ll602ovrhaejlpm9otgjh1r.apps.googleusercontent.com');
$client->setClientSecret('XXXXXXXXXX');
$client->setRedirectUri('http://localhost/testAPI/google-api-php-client/examples/calendar/simple.php');
$client->setDeveloperKey('AIzaSyCGvXRXGMo58ZDswyb4zBkJgRMLcHBRIrI');
$cal = new Google_CalendarService($client);
if (isset($_GET['logout'])) {
  unset($_SESSION['token']);
}

if (isset($_GET['code'])) {
  $client->authenticate($_GET['code']);

  $_SESSION['code']=$_GET['code'];

  $_SESSION['token'] = $client->getAccessToken();
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}

if (isset($_SESSION['token'])) {
  $client->setAccessToken($_SESSION['token']);
}

if ($client->getAccessToken()) {
  $calList = $cal->calendarList->listCalendarList();
  print "<h1>Calendar List</h1><pre>" . print_r($calList, true) . "</pre>";

  echo $_SESSION['code'];


$_SESSION['token'] = $client->getAccessToken();
} else {
  $authUrl = $client->createAuthUrl();
  print "<a class='login' href='$authUrl'>Connect Me!</a>";
}

?>

Once I get permissions do I have to save something to use these permissions in future when the user is not logged in?

Following code works fine when user is logged in. But returns Error refreshing the OAuth2 token, message: '{ "error" : "access_denied" }' when user is logged out

<?php 

require_once '../src/Google_Client.php';
require_once '../src/contrib/Google_CalendarService.php';

session_start();

const CLIENT_ID = 'XXXXXX.apps.googleusercontent.com';
const SERVICE_ACCOUNT_NAME = 'XXXX@developer.gserviceaccount.com';

const KEY_FILE = 'f183b8caXXXXXXXXatekey.p12';

$client = new Google_Client();
$client->setApplicationName("XXXXXXXX Calendar Service");

if (isset($_SESSION['token'])) {
 $client->setAccessToken($_SESSION['token']);
}

$key = file_get_contents(KEY_FILE);
$client->setClientId(CLIENT_ID);

$client->setAssertionCredentials(new Google_AssertionCredentials(
        SERVICE_ACCOUNT_NAME,
        array('https://www.googleapis.com/auth/calendar'),
        $key,
        'notasecret',
        'http://oauth.net/grant_type/jwt/1.0/bearer',
        '363183053@developer.gserviceaccount.com')
);

$client->setClientId(CLIENT_ID);

$cal = new Google_CalendarService($client);

    try{
$cal->events->quickAdd("info@organisationname.com", "SERVICE TEST ");
}catch(Exception $e){

    print_r($e->getMessage());
}

// We're not done yet. Remember to update the cached access token.
// Remember to replace $_SESSION with a real database or memcached.
if ($client->getAccessToken()) {
    echo $_SESSION['token'] = $client->getAccessToken();
}

What should I do in order to update calendar when user is not logged in (provided user has given permission). Should I save the Access Code when user is logged in and use it later when I want to run the batch?

BTW What is association handle?

4

2 回答 2

3

In fact you do not need to share the calendar with the service account. What needs to happen is to Delegate domain-wide authority to your service account.

The service account that you created now needs to be granted access to the Google Apps domain’s user data that you want to access.

The following tasks have to be performed by an administrator of the Google Apps domain: 1. Go to your Google Apps domain’s control panel. The URL should look like: https://www.google.com/a/cpanel/mydomain.com

  1. Go to Advanced tools... > Manage third party OAuth Client access.

  2. In the Client name field enter the service account's Client ID.

  3. In the One or More API Scopes field enter the list of scopes that your application should be granted access to. For example if you need domain-wide readonly access to the Google Calendar API enter: https://www.googleapis.com/auth/calendar.readonly

  4. Click the Authorize button.

于 2013-03-05T18:01:30.463 回答
2

You Getting the Error because of your Scopes not mentioned properly. In Google OAuth 2.0 Scope defined :

Indicates the Google API access your application is requesting. The values passed in this parameter inform the consent page shown to the user. There is an inverse relationship between the number of permissions requested and the likelihood of obtaining user consent.

space delimited set of permissions the application requests

  • To Resolve the issue you have to first Change the Scope Parameters

  • Include Calender Scope in it

  • Then Get the Access Token and then try to change the things

  • Then do changes accordingly to requirements and steps provided in API Documentation

于 2013-03-01T14:31:13.053 回答