0

我有以下错误

google.auth.exceptions.RefreshError:凭据不包含刷新访问令牌所需的必要字段。您必须指定 refresh_token、token_uri、client_id 和 client_secret。

我的项目是用 Angular 前端和烧瓶构建的。我的 Web 应用程序受 IAPGmail.readonly范围内的保护(我需要为用户列出所有标签)。

所以我需要从 IAP oauth2 获取 access_token 并将其传递到后面以调用 Gmail API Angular 端我尝试用这个获取我的 access_token

初始化间隙

 async initGoogleAuth(): Promise<void> {
    const payload = new Promise((resolve) => {
      gapi.load('auth2', resolve);
    });
    return payload.then(async () => {
      await gapi.auth2
        .init({
          client_id: this.clientId,
          fetch_basic_profile: true,
          prompt: 'select_account'
        })
        .then(auth => {
          this.gapiSetup = true;
          this.authInstance = auth;
        });
    }).catch(e => {
      console.log('Error initiating Google auth');
      console.log(e);
      return;
    });
  }

验证 gapi 是否为 init

async authenticate(): Promise<any> {
    if (!this.gapiSetup) {
      await this.initGoogleAuth();
    }

    const signInInstance = this.authInstance.signIn();
    await signInInstance.then(result => {
      const googleUser = this.authInstance.currentUser.get();
      this.isSignedIn = googleUser.isSignedIn();
      const profile = this.authInstance.currentUser.get().getBasicProfile()
      localStorage.setItem('email', profile.getEmail());
      localStorage.setItem('userName', profile.getName());
      localStorage.setItem('imageUrl', profile.getImageUrl());
      localStorage.setItem('token', this.authInstance.currentUser.get().getAuthResponse().id_token);
      localStorage.setItem('accessToken', this.authInstance.currentUser.get().getAuthResponse().access_token);
      console.log(this.authInstance.currentUser.get().getAuthResponse(true))
    }).catch(e => {
      console.log(e);
    });
  }

从我的组件中,我通过标头 access_toke

 sendRequest() {
    const headers = {
      headers: {
        "x-dvtm-access-token": localStorage.getItem('accessToken'),
        "x-Goog-Authenticated-User-Email": localStorage.getItem('email')
      }
    };
    // add "/check-preserve" for prod
    this.httpClient.get(environment.apiUrl + "/check-preserve", headers).subscribe(res => {
      if (typeof res === "string") {
        this.processResult(JSON.parse(res))
      }
      console.log(typeof (res));
      this.loading = false
    }, err => {
      this.loading = false
      console.error(err);
    });
  }

烧瓶方面我在这里得到令牌并建立凭据:

access_token = request.headers.get('x-dvtm-access-token')
user = request.headers.get('X-Goog-Authenticated-User-Email').replace("accounts.google.com:", "")

if not access_token or not user:
    return "Not authorized", 401



creds = google.oauth2.credentials.Credentials(access_token)
logging.info(creds.__dict__)
response = check_preserve_label(creds, user=user)

我错过了什么?谢谢你

            EDIT

因此,我将烧瓶更改为通过(请求模块)发送 HTTP 请求并添加标头 Authorization : 。但我感觉 IAP oauth2 不提供范围访问(即使在配置中设置)

'error': {'code': 403, 'message': 'Request has enough authentication scopes.', 'errors': [{'message': 'Insufficient Permission', 'domain': 'global', 'reason' :'insufficientPermissions'}],'状态':'PERMISSION_DENIED'}

所以我可能需要双重身份验证一次用于 IAP(域访问)和其他用于范围访问(Gmail 对我)源问题跟踪器

4

0 回答 0