正在加载服务帐户 Json 密钥文件
Loading Service account Json key file
Google 最近开始为我们提供服务帐户的 Json 密钥文件,而不是 P12 密钥文件。我一直在努力解决这个问题,那里没有太多信息,我看到的信息说这应该有效。
string[] scopes = new string[] { DriveService.Scope.Drive};
Stream stream = new FileStream(jsonKeyFilePath, FileMode.Open, FileAccess.Read, FileShare.Read);
var credential = GoogleCredential.FromStream(stream).CreateScoped(scopes);
然而它抛出以下异常
Error creating credential from JSON. Unrecognized credential type .
我已经仔细检查了 json 密钥文件,下载了两个不同的文件,试图让它不起作用。
我认为您首先需要反序列化流,至少是我在以下位置找到的:https://github.com/google/google-api-dotnet-client/blob/a5288c4493a12791b46f7142efacb83c4fcacf58/Src/Support/GoogleApis.Auth.PlatformServices_Shared/OAuth2/DefaultCredentialProvider.cs#L169
试试看并告诉我们。
是的,我们需要改进文档,但我们首先要找到问题所在,然后我会根据具体要求在 GitHub 中打开一个新问题。
我下载了一个服务帐户 json 密钥文件并尝试了相同的代码,它工作正常。如果我手动损坏 json 密钥文件中的 "type" 字段,我能够重现该问题。能不能重新下载一个json密钥文件再试一次。 json 密钥文件应如下所示(已删除敏感数据):
{
"type": "service_account",
"project_id": ...,
"private_key_id": ...,
"private_key": ...,
"client_email": ...,
"client_id": ...,
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": ...
}
以下代码用于对旧 json 文件或 .p12 文件进行身份验证。
public static class ServiceAccountExample
{
/// <summary>
/// Authenticating to Google using a Service account
/// Documentation: https://developers.google.com/accounts/docs/OAuth2#serviceaccount
/// </summary>
/// <param name="serviceAccountEmail">From Google Developer console https://console.developers.google.com</param>
/// <param name="serviceAccountCredentialFilePath">Location of the .p12 or Json Service account key file downloaded from Google Developer console https://console.developers.google.com</param>
/// <returns>AnalyticsService used to make requests against the Analytics API</returns>
public static CalendarService AuthenticateServiceAccount(string serviceAccountEmail, string serviceAccountCredentialFilePath, string[] scopes)
{
try
{
if (string.IsNullOrEmpty(serviceAccountCredentialFilePath))
throw new Exception("Path to the service account credentials file is required.");
if (!File.Exists(serviceAccountCredentialFilePath))
throw new Exception("The service account credentials file does not exist at: " + serviceAccountCredentialFilePath);
if (string.IsNullOrEmpty(serviceAccountEmail))
throw new Exception("ServiceAccountEmail is required.");
// For Json file
if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".json")
{
GoogleCredential credential;
using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential.FromStream(stream)
.CreateScoped(scopes);
}
// Create the Analytics service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Service account Authentication Sample",
});
}
else if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".p12")
{ // If its a P12 file
var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes
}.FromCertificate(certificate));
// Create the Calendar service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Authentication Sample",
});
}
else
{
throw new Exception("Unsupported Service accounts credentials.");
}
}
catch (Exception ex)
{
throw new Exception("CreateServiceAccountCalendarFailed", ex);
}
}
}
}
中窃取的代码
我认为您正在使用从 Firebase 下载的文件 google-services.json。这不是您需要的文件。你要做的流程是:
- 转到 Firebase 控制台
- 点击设置
- 单击项目设置
- 单击服务帐户
- 点击生成新私钥按钮
- 使用此方法生成的文件。
Google 最近开始为我们提供服务帐户的 Json 密钥文件,而不是 P12 密钥文件。我一直在努力解决这个问题,那里没有太多信息,我看到的信息说这应该有效。
string[] scopes = new string[] { DriveService.Scope.Drive};
Stream stream = new FileStream(jsonKeyFilePath, FileMode.Open, FileAccess.Read, FileShare.Read);
var credential = GoogleCredential.FromStream(stream).CreateScoped(scopes);
然而它抛出以下异常
Error creating credential from JSON. Unrecognized credential type .
我已经仔细检查了 json 密钥文件,下载了两个不同的文件,试图让它不起作用。
我认为您首先需要反序列化流,至少是我在以下位置找到的:https://github.com/google/google-api-dotnet-client/blob/a5288c4493a12791b46f7142efacb83c4fcacf58/Src/Support/GoogleApis.Auth.PlatformServices_Shared/OAuth2/DefaultCredentialProvider.cs#L169
试试看并告诉我们。 是的,我们需要改进文档,但我们首先要找到问题所在,然后我会根据具体要求在 GitHub 中打开一个新问题。
我下载了一个服务帐户 json 密钥文件并尝试了相同的代码,它工作正常。如果我手动损坏 json 密钥文件中的 "type" 字段,我能够重现该问题。能不能重新下载一个json密钥文件再试一次。 json 密钥文件应如下所示(已删除敏感数据):
{
"type": "service_account",
"project_id": ...,
"private_key_id": ...,
"private_key": ...,
"client_email": ...,
"client_id": ...,
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": ...
}
以下代码用于对旧 json 文件或 .p12 文件进行身份验证。
public static class ServiceAccountExample
{
/// <summary>
/// Authenticating to Google using a Service account
/// Documentation: https://developers.google.com/accounts/docs/OAuth2#serviceaccount
/// </summary>
/// <param name="serviceAccountEmail">From Google Developer console https://console.developers.google.com</param>
/// <param name="serviceAccountCredentialFilePath">Location of the .p12 or Json Service account key file downloaded from Google Developer console https://console.developers.google.com</param>
/// <returns>AnalyticsService used to make requests against the Analytics API</returns>
public static CalendarService AuthenticateServiceAccount(string serviceAccountEmail, string serviceAccountCredentialFilePath, string[] scopes)
{
try
{
if (string.IsNullOrEmpty(serviceAccountCredentialFilePath))
throw new Exception("Path to the service account credentials file is required.");
if (!File.Exists(serviceAccountCredentialFilePath))
throw new Exception("The service account credentials file does not exist at: " + serviceAccountCredentialFilePath);
if (string.IsNullOrEmpty(serviceAccountEmail))
throw new Exception("ServiceAccountEmail is required.");
// For Json file
if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".json")
{
GoogleCredential credential;
using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential.FromStream(stream)
.CreateScoped(scopes);
}
// Create the Analytics service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Service account Authentication Sample",
});
}
else if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".p12")
{ // If its a P12 file
var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes
}.FromCertificate(certificate));
// Create the Calendar service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Authentication Sample",
});
}
else
{
throw new Exception("Unsupported Service accounts credentials.");
}
}
catch (Exception ex)
{
throw new Exception("CreateServiceAccountCalendarFailed", ex);
}
}
}
}
我认为您正在使用从 Firebase 下载的文件 google-services.json。这不是您需要的文件。你要做的流程是:
- 转到 Firebase 控制台
- 点击设置
- 单击项目设置
- 单击服务帐户
- 点击生成新私钥按钮
- 使用此方法生成的文件。