
我一直在按照我能找到的所有文档(有时相互矛盾)操作,但都没有奏效,所以希望能从了解情况的人那里得到一些答案。先谢谢了。

我有一个试用版 Google Maps Coordinate 帐户,在浏览器中使用正常。现在我正尝试通过 google-api-ruby-client 以编程方式访问它。我已经设置了服务器到服务器证书。

我(应该)可以通过身份验证,因为我能拿到访问令牌。但是调用 client.execute 时却得到 403 Forbidden。我没有超出 Google API 控制台上显示的配额(1000 次/天),调用频率也不高(低于每秒 1 次)。

以下是 irb 中的输出。请注意第 32 行(提示符 :032):可以清楚地看到我拿到了访问令牌。第 38 行之后返回的结果中仍然带有该访问令牌,但访问被拒绝。

# irb session (Ruby 2.0.0p195; the User-Agent below reports google-api-ruby-client/0.6.4):
# loads a PKCS#12 key, builds a Signet OAuth2 client for a service account, fetches an
# access token, then calls coordinate.jobs.list and receives HTTP 403.
# `require` returning false means the file was already loaded in this session.
2.0.0p195 :021 >     require 'google/api_client/client_secrets'
=> false 
2.0.0p195 :022 > 
# 'notasecret' is the stock passphrase Google ships with service-account .p12 files, so the
# passphrase protects nothing: whoever holds privatekey.p12 holds the credential. Keep the
# file out of repositories and restrict its file permissions.
2.0.0p195 :023 >       key = Google::APIClient::PKCS12.load_key('privatekey.p12', 'notasecret')
=> #<OpenSSL::PKey::RSA:0x007fe70667bdb8> 
# The client prints a notice because :application_name / :application_version were not
# passed. The dump shows the default authorization has no scope, issuer or signing key yet.
2.0.0p195 :024 >     client = Google::APIClient.new
Google::APIClient - Please provide :application_name and :application_version when initializing the client
=> #<Google::APIClient:0x007fe706680340 @host="www.googleapis.com", @port=443, @discovery_path="/discovery/v1", @user_agent="google-api-ruby-client/0.6.4 Mac OS X/10.8.5", @authorization=#<Signet::OAuth2::Client:0x007fe7067df970 @authorization_uri=#<Addressable::URI:0x3ff3833ef8f8 URI:https://accounts.google.com/o/oauth2/auth>, @token_credential_uri=#<Addressable::URI:0x3ff3833ef3e4 URI:https://accounts.google.com/o/oauth2/token>, @client_id=nil, @client_secret=nil, @scope=nil, @state=nil, @code=nil, @redirect_uri=nil, @username=nil, @password=nil, @issuer=nil, @principal=nil, @expiry=60, @audience=nil, @signing_key=nil, @extension_parameters={}>, @auto_refresh_token=true, @key=nil, @user_ip=nil, @discovery_uris={}, @discovery_documents={}, @discovered_apis={}> 
# Replace the default authorization with one for the service account: the issuer is the
# service-account e-mail, the scope is the single coordinate scope, and the loaded RSA key
# is passed as :signing_key. No :person / :principal is given (the echo shows
# @principal=nil), so the token presumably represents the service account itself rather
# than a user of the Coordinate team -- confirm against the 403 below.
2.0.0p195 :025 >     client.authorization = Signet::OAuth2::Client.new(
2.0.0p195 :026 >             :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
2.0.0p195 :027 >             :audience => 'https://accounts.google.com/o/oauth2/token',
2.0.0p195 :028 >             :scope => 'https://www.googleapis.com/auth/coordinate',
2.0.0p195 :029 >             :issuer => '759273242939-7ens86h2qti3610f29v066v9shcq1v2t@developer.gserviceaccount.com',
2.0.0p195 :030 >             :signing_key => key)
=> #<Signet::OAuth2::Client:0x007fe7080ded68 @authorization_uri=nil, @token_credential_uri=#<Addressable::URI:0x3ff38406f024 URI:https://accounts.google.com/o/oauth2/token>, @client_id=nil, @client_secret=nil, @scope=["https://www.googleapis.com/auth/coordinate"], @state=nil, @code=nil, @redirect_uri=nil, @username=nil, @password=nil, @issuer="759273242939-7ens86h2qti3610f29v066v9shcq1v2t@developer.gserviceaccount.com", @principal=nil, @expiry=60, @audience="https://accounts.google.com/o/oauth2/token", @signing_key=#<OpenSSL::PKey::RSA:0x007fe70667bdb8>, @extension_parameters={}> 
2.0.0p195 :031 > 
# The return value echoes the bearer access token (token_type "Bearer", expires_in 3600).
# A bearer token is usable by whoever holds the string until it expires, so redact it
# before sharing a transcript like this one.
2.0.0p195 :032 >       client.authorization.fetch_access_token!
=> {"access_token"=>"ya29.AHES6ZQLZdWkZVDdPwLY7rasxjFYKP89GQipfM6wR-EPRdimGA6pdQ", "token_type"=>"Bearer", "expires_in"=>3600} 
2.0.0p195 :033 > 
2.0.0p195 :034 >       coordinate = client.discovered_api('coordinate')
=> #<Google::APIClient::API:0x3ff3805d7b78 ID:coordinate:v1> 
2.0.0p195 :035 > 
# NOTE(review): inspecting the Result prints the same token twice more -- in @access_token
# and in the "Authorization" request header -- so dumping these objects into logs leaks the
# credential. The response is 403 with reason "forbidden" even though the token was sent,
# which looks like a permission failure for this identity rather than a missing
# credential -- confirm.
2.0.0p195 :036 >       results = client.execute(
2.0.0p195 :037 >             :api_method => coordinate.jobs.list,
2.0.0p195 :038 >             :parameters => {'teamId' => 'ZXJgk_kzS2iy-Z-9yvMTxw'})
=> #<Google::APIClient::Result:0x007fe700c479a0 @request=#<Google::APIClient::Request:0x007fe700c0e6c8 @parameters={"teamId"=>"ZXJgk_kzS2iy-Z-9yvMTxw"}, @headers={"User-Agent"=>"google-api-ruby-client/0.6.4 Mac OS X/10.8.5"}, @api_method=#<Google::APIClient::Method:0x3ff3805da60c ID:coordinate.jobs.list>, @authenticated=nil, @authorization=#<Signet::OAuth2::Client:0x007fe7080ded68 @authorization_uri=nil, @token_credential_uri=#<Addressable::URI:0x3ff38406f024 URI:https://accounts.google.com/o/oauth2/token>, @client_id=nil, @client_secret=nil, @scope=["https://www.googleapis.com/auth/coordinate"], @state=nil, @code=nil, @redirect_uri=nil, @username=nil, @password=nil, @issuer="759273242939-7ens86h2qti3610f29v066v9shcq1v2t@developer.gserviceaccount.com", @principal=nil, @expiry=60, @audience="https://accounts.google.com/o/oauth2/token", @signing_key=#<OpenSSL::PKey::RSA:0x007fe70667bdb8>, @extension_parameters={}, @grant_type=nil, @refresh_token=nil, @issued_at=2013-11-12 11:32:28 +0800, @access_token="ya29.AHES6ZQLZdWkZVDdPwLY7rasxjFYKP89GQipfM6wR-EPRdimGA6pdQ", @expires_in=3600>, @body="">, @response=#<Faraday::Response:0x007fe700c479f0 @env={:method=>:get, :body=>"{\n \"error\": {\n  \"errors\": [\n   {\n    \"domain\": \"global\",\n    \"reason\": \"forbidden\",\n    \"message\": \"Forbidden\"\n   }\n  ],\n  \"code\": 403,\n  \"message\": \"Forbidden\"\n }\n}\n", :url=>#<URI::HTTPS:0x007fe700c24298 URL:https://www.googleapis.com/coordinate/v1/teams/ZXJgk_kzS2iy-Z-9yvMTxw/jobs>, :request_headers=>{"User-Agent"=>"google-api-ruby-client/0.6.4 Mac OS X/10.8.5", "Authorization"=>"Bearer ya29.AHES6ZQLZdWkZVDdPwLY7rasxjFYKP89GQipfM6wR-EPRdimGA6pdQ", "Cache-Control"=>"no-store", "Content-Type"=>"application/x-www-form-urlencoded"}, :parallel_manager=>nil, :request=>{:proxy=>nil}, :ssl=>{}, :status=>403, :response_headers=>{"content-type"=>"application/json; charset=UTF-8", "date"=>"Tue, 12 Nov 2013 03:32:27 GMT", "expires"=>"Tue, 12 Nov 2013 03:32:27 GMT", 
"cache-control"=>"private, max-age=0", "x-content-type-options"=>"nosniff", "x-frame-options"=>"SAMEORIGIN", "x-xss-protection"=>"1; mode=block", "server"=>"GSE", "alternate-protocol"=>"443:quic", "connection"=>"close"}, :response=>#<Faraday::Response:0x007fe700c479f0 ...>}, @on_complete_callbacks=[]>> 
2.0.0p195 :039 >     
# results.data holds only the JSON error body; it does not say which permission is missing.
2.0.0p195 :040 >       puts results.data.to_json
{"error":{"errors":[{"domain":"global","reason":"forbidden","message":"Forbidden"}],"code":403,"message":"Forbidden"}}
=> nil 
2.0.0p195 :041 > 

1 回答 1


出现这个问题,可能是因为您的服务帐号没有 Google Maps Coordinate 许可(license)。我不知道如何让服务帐号直接访问 Coordinate,但我用过以下两种可行的变通办法:

  1. 从服务帐号改用“已安装的应用”(installed application)OAuth 流程:脚本启动时,需要提示一位有权访问该 Coordinate 团队的用户登录并授予应用访问权限,此后应该就能正常使用。
  2. 让您的服务帐号代表一位拥有 Coordinate 访问权限的用户行事。您可以在自己的域上启用一项设置,允许服务帐号在指定的 OAuth 范围(scope)内代表用户行事,文档见:https://developers.google.com/drive/delegation 。(问题中 irb 输出里的 @principal=nil 似乎表明当前请求并未代表任何用户。)
于 2013-11-12T23:28:50.113 回答