将 Google Apps 脚本从 OAuth 1.0 OAuthConfig API 和 UrlFetchApp.addOAuthService 迁移到 OAuth 2.0
Migrating Google Apps Scripts from OAuth 1.0 OAuthConfig API and UrlFetchApp.addOAuthService to OAuth 2.0
我有几个关键的 Google Apps 脚本 "container-bound" 在 Google 表格电子表格中。他们打电话给 Google Admin SDK, Directory API, and some other Google APIs, like the URL Shortener API。
我最初是通过谷歌搜索和在 Stack Overflow 上搜索来实现这些功能的,直到我找到满足我需要的代码。
他们现在工作正常,但在过去的一个月里,我一直收到来自 Google 的电子邮件,其中指出 OAuth 1.0 已被弃用,任何使用它的东西都应该在 2015 年 4 月 20 日之前迁移到 OAuth 2.0。
我阅读了他们的官方文档和迁移指南,但仍然非常困惑。他们的所有文档似乎都是针对 "applications" 的,我找不到任何特定于 Google Apps 脚本和 Javascript 的内容。
这是我拥有的一个有效的 Google Apps 脚本示例。它需要一个电子邮件地址作为输入,returns 用户的全名。
var consumerKey = "domain.com";
var consumerSecret = "xxxxxxxxxxxxxxxxxxxxxxxx";
var publicApiAccessKey = 'xxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxx';
function getUsersName(email) {
var name = '';
try {
var url = 'https://www.googleapis.com/admin/directory/v1/users/' + email + '?key=' + publicApiAccessKey;
var scope = "https://www.googleapis.com/auth/admin.directory.user.readonly";
var fetchArgs = googleOAuth_("Users",scope);
fetchArgs.method = "GET";
fetchArgs.muteHttpExceptions=true;
var userJson = UrlFetchApp.fetch(url, fetchArgs);
var userObject = JSON.parse(userJson);
name = userObject.name.fullName;
} catch(e) {
// send failure email
}
return name;
}
function googleOAuth_(name,scope) {
var oAuthConfig = UrlFetchApp.addOAuthService(name);
oAuthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope=" + scope);
oAuthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
oAuthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
oAuthConfig.setConsumerKey(consumerKey);
oAuthConfig.setConsumerSecret(consumerSecret);
return {oAuthServiceName:name, oAuthUseToken:'always'};
}
当我 运行 它时,我收到这些警告提示,确认我的 Google Apps 脚本使用的代码已被弃用,应该被替换:
以下是 Google 发出的通知客户已弃用服务的电子邮件文本:
Reminder for ClientLogin, OAuth 1.0, AuthSub, and OpenID 2.0 shutdown
Hello Administrator,
Over the past few years, we announced that ClientLogin, OAuth 1.0
(3LO), AuthSub, and OpenID 2.0 are deprecated and will shut down on
April 20, 2015. Google is moving away from these older protocols in
order to focus our support on the latest Internet standards, OAuth 2.0
and OpenID Connect.
Analysis of our logs leads us to believe that your domain
domain.com operates one or more applications that still use one
of these deprecated protocols. You need to ensure that your
applications use our supported authentication methods: OAuth 2.0 for
API authorization or OpenID Connect for federated authentication. The
easiest way to migrate to these new standards is to use the Google
Sign-in SDKs (see the migration documentation). Google Sign-in is
built on top of our OAuth 2.0 and OpenID Connect infrastructure and
provides a single interface for authentication and authorization flows
on Web, Android and iOS.
If the migration for these applications is not completed before the
deadline, the application will experience an outage in its ability to
connect to Google (possibly including the ability to sign in) until
the migration to a supported authentication protocol occurs. To avoid
any interruptions in service, it is critical that you work to migrate
prior to the shutdown date.
If you need to migrate your integration with Google:
Migrate from OpenID 2.0 to Google Sign-in (OpenID Connect). Migrate
from OAuth 1.0 to OAuth 2.0. For AuthSub and ClientLogin, there is no
migration support. You’ll need to start fresh with OAuth 2.0 and users
need to re-consent. If you have any technical questions about
migrating your application, please post questions to Stack Overflow
under the tag google-oauth or google-openid. Please keep in mind that
Stack Overflow is a publicly viewable forum. Our engineers will be
regularly notified of any posted questions.
我阅读了 Migrating from OAuth 1.0 to OAuth 2.0 部分,但我仍然不知道我应该做什么。我需要具体了解我需要在上面的代码中更改哪些内容才能让我的脚本在 4 月 20 日(下周一)之后继续工作。
转换需要 2 个步骤:
1) 您需要在脚本中添加 Oauth2 webflow。您可以在以下位置获取 google 开发的库来执行此操作:
https://github.com/googlesamples/apps-script-oauth2
查看此存储库中的 README.MD 以了解如何设置。
2) 更改您的调用以使用 Oauth2 令牌:
function getUsersName(email) {
var token = oauth2Service().getAccessToken(); //this will be setup from step 1
var name = '';
try {
var url = 'https://www.googleapis.com/admin/directory/v1/users/' + email;
var parameters = { method : 'get',
headers : {'Authorization': 'Bearer '+ token},
contentType:'application/json',
muteHttpExceptions:true};
var userJson = UrlFetchApp.fetch(url, parameters);
var userObject = JSON.parse(userJson);
name = userObject.name.fullName;
} catch(e) {
// send failure email
}
return name;
}
我有几个关键的 Google Apps 脚本 "container-bound" 在 Google 表格电子表格中。他们打电话给 Google Admin SDK, Directory API, and some other Google APIs, like the URL Shortener API。
我最初是通过谷歌搜索和在 Stack Overflow 上搜索来实现这些功能的,直到我找到满足我需要的代码。
他们现在工作正常,但在过去的一个月里,我一直收到来自 Google 的电子邮件,其中指出 OAuth 1.0 已被弃用,任何使用它的东西都应该在 2015 年 4 月 20 日之前迁移到 OAuth 2.0。
我阅读了他们的官方文档和迁移指南,但仍然非常困惑。他们的所有文档似乎都是针对 "applications" 的,我找不到任何特定于 Google Apps 脚本和 Javascript 的内容。
这是我拥有的一个有效的 Google Apps 脚本示例。它需要一个电子邮件地址作为输入,returns 用户的全名。
var consumerKey = "domain.com";
var consumerSecret = "xxxxxxxxxxxxxxxxxxxxxxxx";
var publicApiAccessKey = 'xxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxx';
function getUsersName(email) {
var name = '';
try {
var url = 'https://www.googleapis.com/admin/directory/v1/users/' + email + '?key=' + publicApiAccessKey;
var scope = "https://www.googleapis.com/auth/admin.directory.user.readonly";
var fetchArgs = googleOAuth_("Users",scope);
fetchArgs.method = "GET";
fetchArgs.muteHttpExceptions=true;
var userJson = UrlFetchApp.fetch(url, fetchArgs);
var userObject = JSON.parse(userJson);
name = userObject.name.fullName;
} catch(e) {
// send failure email
}
return name;
}
function googleOAuth_(name,scope) {
var oAuthConfig = UrlFetchApp.addOAuthService(name);
oAuthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope=" + scope);
oAuthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
oAuthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
oAuthConfig.setConsumerKey(consumerKey);
oAuthConfig.setConsumerSecret(consumerSecret);
return {oAuthServiceName:name, oAuthUseToken:'always'};
}
当我 运行 它时,我收到这些警告提示,确认我的 Google Apps 脚本使用的代码已被弃用,应该被替换:
以下是 Google 发出的通知客户已弃用服务的电子邮件文本:
Reminder for ClientLogin, OAuth 1.0, AuthSub, and OpenID 2.0 shutdown Hello Administrator,
Over the past few years, we announced that ClientLogin, OAuth 1.0 (3LO), AuthSub, and OpenID 2.0 are deprecated and will shut down on April 20, 2015. Google is moving away from these older protocols in order to focus our support on the latest Internet standards, OAuth 2.0 and OpenID Connect.
Analysis of our logs leads us to believe that your domain domain.com operates one or more applications that still use one of these deprecated protocols. You need to ensure that your applications use our supported authentication methods: OAuth 2.0 for API authorization or OpenID Connect for federated authentication. The easiest way to migrate to these new standards is to use the Google Sign-in SDKs (see the migration documentation). Google Sign-in is built on top of our OAuth 2.0 and OpenID Connect infrastructure and provides a single interface for authentication and authorization flows on Web, Android and iOS.
If the migration for these applications is not completed before the deadline, the application will experience an outage in its ability to connect to Google (possibly including the ability to sign in) until the migration to a supported authentication protocol occurs. To avoid any interruptions in service, it is critical that you work to migrate prior to the shutdown date.
If you need to migrate your integration with Google:
Migrate from OpenID 2.0 to Google Sign-in (OpenID Connect). Migrate from OAuth 1.0 to OAuth 2.0. For AuthSub and ClientLogin, there is no migration support. You’ll need to start fresh with OAuth 2.0 and users need to re-consent. If you have any technical questions about migrating your application, please post questions to Stack Overflow under the tag google-oauth or google-openid. Please keep in mind that Stack Overflow is a publicly viewable forum. Our engineers will be regularly notified of any posted questions.
我阅读了 Migrating from OAuth 1.0 to OAuth 2.0 部分,但我仍然不知道我应该做什么。我需要具体了解我需要在上面的代码中更改哪些内容才能让我的脚本在 4 月 20 日(下周一)之后继续工作。
转换需要 2 个步骤:
1) 您需要在脚本中添加 Oauth2 webflow。您可以在以下位置获取 google 开发的库来执行此操作: https://github.com/googlesamples/apps-script-oauth2
查看此存储库中的 README.MD 以了解如何设置。
2) 更改您的调用以使用 Oauth2 令牌:
function getUsersName(email) {
var token = oauth2Service().getAccessToken(); //this will be setup from step 1
var name = '';
try {
var url = 'https://www.googleapis.com/admin/directory/v1/users/' + email;
var parameters = { method : 'get',
headers : {'Authorization': 'Bearer '+ token},
contentType:'application/json',
muteHttpExceptions:true};
var userJson = UrlFetchApp.fetch(url, parameters);
var userObject = JSON.parse(userJson);
name = userObject.name.fullName;
} catch(e) {
// send failure email
}
return name;
}