在 Google 张应用程序中进行身份验证
Authenticating in a Google sheets application
我有一个类似批处理的应用程序,它由调度程序定期调用,没有人类用户参与。它使用 Perl Net::Google::Spreadsheets 包通过从数据库中获取的数据更新 Google 张电子表格中的一些单元格。
很长一段时间以来,只需向包的 'new' 方法提供用户名和密码即可轻松验证自身。但最近,Google 要求我们使用 OAuth2 协议进行身份验证。
J.T. provided 我相信这对许多比我知识渊博的人很有帮助。但是,如果有人可以回答一些问题来澄清它,我将不胜感激,如下所示:
创建凭据:在 Google 开发人员控制台中创建项目并要求创建新的客户端 ID 后,您会看到三个选项:
- 对于"Web Application"(然后要求提供"Authorized JavaScript origins"和"Authorized redirect URIs"。这些与我的情况相关吗?)
- 对于"Service Account"(我怀疑这是我的选择,但没有以下问题的答案我无法验证。)
- 对于"Installed application"(有人可以举例说明吗?)
我应该选择哪一个5月申请?
我应该要 JSON 还是 P12 密钥?
我如何处理我得到的各种类型的实体?我要在 Perl 脚本中嵌入什么?
在第 13 行,J.T 评论说 "you will need to put code here and receive a token"。什么样的代码?在做什么?
由于没有人类用户,我需要应用程序自己完成完整的身份验证过程。 J.T. 的代码提示用户输入 'code'。此代码是 "credentials" 实体之一吗?我该怎么做?
换句话说,我需要有人一步一步地温柔地引导我完成整个过程。
谢谢大家!
梅尔格
我也经历过这个,一开始不太了解,所以我很乐意帮忙解释一下。以下是答案,但请随时要求澄清。基本上,您首先需要 运行 一个需要手动干预的脚本 - 这让您可以从 Google 获得一个访问令牌,然后您的 batch-like 脚本可以在没有人工干预的情况下反复使用它。所以你必须在开始时跳过一些障碍,但一旦完成,你就准备好了。所以:
- 选择“网络应用程序”。不直观,但它会起作用。
1b。系统会要求您配置“同意屏幕”。你在这里放什么并不重要 - 只需给项目一个标题。
1c。对于“redirect uri”,删除提供的“example.com”值并输入“https://developers.google.com/oauthplayground”.
忽略JSON和P12键;它们用于其他类型的应用程序。填写以上信息并单击“创建客户端 ID”后,您将看到一个显示客户端 ID 和客户端密码的页面(暂停后)。这些是您在下面的代码中需要的两个字符串。
下面的代码基本上与您上面链接的解决方案相同(我非常依赖它),但我对其进行了编辑以更改一些内容,主要是为了提供有关正在发生的事情的更多信息。将您的客户端 ID 和客户端密码添加到下面的代码后,运行 它。然后您将完成以下步骤:
- 复制脚本打印出来的 URL,然后将其粘贴到浏览器中。
- 如果要求您登录 Google。然后在下一页点击“允许访问”。
- 在浏览器的下一页中,左侧会有一个标有“授权码”的框。 (像这样:https://members.orcid.org/sites/default/files/image06.png但是你的授权码会更长。)不要点击代码下面的按钮,但是要复制那个字符串,确保得到整个东西(它可能会在对话框中延伸到看不见的地方)。
- 返回您 运行 脚本所在的终端,然后粘贴您复制的代码。
如果一切顺利,脚本将用该代码交换访问令牌,并将令牌保存在磁盘上。然后您的批处理脚本可以重复使用该令牌。
这是执行所有这些操作的扩展代码:
#!/usr/bin/perl
# Code to get a web-based token that can be stored
# and used later to authorize our spreadsheet access.
# Based on code from https://gist.github.com/hexaddikt/6738162
#-------------------------------------------------------------------
# To use this code:
# 1. Edit the lines below to put in your own
# client_id and client_secret from Google.
# 2. Run this script and follow the directions on
# the screen, which will give step you
# through the following steps:
# 3. Copy the URL printed out, and paste
# the URL in a browser to load the page.
# 4. On the resulting page, click OK (possibly
# after being asked to log in to your Google
# account).
# 5. You will be redirected to a page that provides
# a code that you should copy and paste back into the
# terminal window, so this script can exchange it for
# an access token from Google, and store the token.
# That will be the token the other spreadsheet access
# code can use.
use Net::Google::DataAPI::Auth::OAuth2;
use Net::Google::Spreadsheets;
use Storable; #to save and restore token for future use
use Term::Prompt;
# Provide the filename in which we will store the access
# token. This file will also need to be readable by the
# other script that accesses the spreadsheet and parses
# the contents.
my $session_filename = "stored_google_access.session";
# Code for accessing your Google account. The required client_id
# and client_secret can be found in your Google Developer's console
# page, as described in the detailed instruction document. This
# block of code will also need to appear in the other script that
# accesses the spreadsheet.
# Be sure to edit the lines below to fill in your correct client
# id and client secret!
my $oauth2 = Net::Google::DataAPI::Auth::OAuth2->new(
client_id => 'your_client_id.apps.googleusercontent.com',
client_secret => 'your_client_secret',
scope => ['http://spreadsheets.google.com/feeds/'],
redirect_uri => 'https://developers.google.com/oauthplayground',
);
# We need to set these parameters this way in order to ensure
# that we get not only an access token, but also a refresh token
# that can be used to update it as needed.
my $url = $oauth2->authorize_url(access_type => 'offline',
approval_prompt => 'force');
# Give the user instructions on what to do:
print <<END
The following URL can be used to obtain an access token from
Google.
1. Copy the URL and paste it into a browser.
2. You may be asked to log into your Google account if you
were not logged in already in that browser. If so, go
ahead and log in to whatever account you want to have
access to the Google doc.
3. On the next page, click "Accept" when asked to grant access.
4. You will then be redirected to a page with a box in the
left-hand column labeled "Authorization code".
Copy the code in that box and come back here.
Here is the URL to paste in your browser to get the code:
$url
END
;
# Here is where we get the code from the user:
my $code = prompt('x', 'Paste the code obtained at the above URL here: ', '', '');
# Exchange the code for an access token:
my $token = $oauth2->get_access_token($code) or die;
# If we get to here, it worked! Report success:
print "\nToken obtained successfully!\n";
print "Here are the token contents (just FYI):\n\n";
print $token->to_string, "\n";
# Save the token for future use:
my $session = $token->session_freeze;
store($session, $session_filename);
print <<END2
Token successfully stored in file $session_filename.
Use that filename in your spreadsheet-access script to
load the token as needed for access to the spreadsheet data.
END2
;
一旦你开始工作并将令牌存储在磁盘上,那么你的批处理脚本的开头就可以像这样设置电子表格访问:
use Net::Google::Spreadsheets;
use Net::Google::DataAPI::Auth::OAuth2;
use Net::OAuth2::AccessToken;
use Storable;
# Authentication code based on example from gist at
# https://gist.github.com/hexaddikt/6738247
# Get the token that we saved previously in order to authenticate:
my $session_filename = "stored_google_access.session";
# Be sure to edit the lines below to fill in your correct client
# id and client secret!
my $oauth2 = Net::Google::DataAPI::Auth::OAuth2->new(
client_id => 'your_client_id.apps.googleusercontent.com',
client_secret => 'your_client_secret',
scope => ['http://spreadsheets.google.com/feeds/'],
redirect_uri => 'https://developers.google.com/oauthplayground',
);
# Deserialize the file so we can thaw the session and reuse the refresh token
my $session = retrieve($sessionfile);
my $restored_token = Net::OAuth2::AccessToken->session_thaw($session,
auto_refresh => 1,
profile => $oauth2->oauth2_webserver,
);
$oauth2->access_token($restored_token);
# Now we can use this token to access the spreadsheets
# in our account:
my $service = Net::Google::Spreadsheets->new(
auth => $oauth2);
我有一个类似批处理的应用程序,它由调度程序定期调用,没有人类用户参与。它使用 Perl Net::Google::Spreadsheets 包通过从数据库中获取的数据更新 Google 张电子表格中的一些单元格。
很长一段时间以来,只需向包的 'new' 方法提供用户名和密码即可轻松验证自身。但最近,Google 要求我们使用 OAuth2 协议进行身份验证。
J.T. provided
创建凭据:在 Google 开发人员控制台中创建项目并要求创建新的客户端 ID 后,您会看到三个选项:
- 对于"Web Application"(然后要求提供"Authorized JavaScript origins"和"Authorized redirect URIs"。这些与我的情况相关吗?)
- 对于"Service Account"(我怀疑这是我的选择,但没有以下问题的答案我无法验证。)
- 对于"Installed application"(有人可以举例说明吗?)
我应该选择哪一个5月申请?
我应该要 JSON 还是 P12 密钥?
我如何处理我得到的各种类型的实体?我要在 Perl 脚本中嵌入什么?
在第 13 行,J.T 评论说 "you will need to put code here and receive a token"。什么样的代码?在做什么?
由于没有人类用户,我需要应用程序自己完成完整的身份验证过程。 J.T. 的代码提示用户输入 'code'。此代码是 "credentials" 实体之一吗?我该怎么做?
换句话说,我需要有人一步一步地温柔地引导我完成整个过程。
谢谢大家!
梅尔格
我也经历过这个,一开始不太了解,所以我很乐意帮忙解释一下。以下是答案,但请随时要求澄清。基本上,您首先需要 运行 一个需要手动干预的脚本 - 这让您可以从 Google 获得一个访问令牌,然后您的 batch-like 脚本可以在没有人工干预的情况下反复使用它。所以你必须在开始时跳过一些障碍,但一旦完成,你就准备好了。所以:
- 选择“网络应用程序”。不直观,但它会起作用。
1b。系统会要求您配置“同意屏幕”。你在这里放什么并不重要 - 只需给项目一个标题。
1c。对于“redirect uri”,删除提供的“example.com”值并输入“https://developers.google.com/oauthplayground”.
忽略JSON和P12键;它们用于其他类型的应用程序。填写以上信息并单击“创建客户端 ID”后,您将看到一个显示客户端 ID 和客户端密码的页面(暂停后)。这些是您在下面的代码中需要的两个字符串。
下面的代码基本上与您上面链接的解决方案相同(我非常依赖它),但我对其进行了编辑以更改一些内容,主要是为了提供有关正在发生的事情的更多信息。将您的客户端 ID 和客户端密码添加到下面的代码后,运行 它。然后您将完成以下步骤:
- 复制脚本打印出来的 URL,然后将其粘贴到浏览器中。
- 如果要求您登录 Google。然后在下一页点击“允许访问”。
- 在浏览器的下一页中,左侧会有一个标有“授权码”的框。 (像这样:https://members.orcid.org/sites/default/files/image06.png但是你的授权码会更长。)不要点击代码下面的按钮,但是要复制那个字符串,确保得到整个东西(它可能会在对话框中延伸到看不见的地方)。
- 返回您 运行 脚本所在的终端,然后粘贴您复制的代码。
如果一切顺利,脚本将用该代码交换访问令牌,并将令牌保存在磁盘上。然后您的批处理脚本可以重复使用该令牌。
这是执行所有这些操作的扩展代码:
#!/usr/bin/perl
# Code to get a web-based token that can be stored
# and used later to authorize our spreadsheet access.
# Based on code from https://gist.github.com/hexaddikt/6738162
#-------------------------------------------------------------------
# To use this code:
# 1. Edit the lines below to put in your own
# client_id and client_secret from Google.
# 2. Run this script and follow the directions on
# the screen, which will give step you
# through the following steps:
# 3. Copy the URL printed out, and paste
# the URL in a browser to load the page.
# 4. On the resulting page, click OK (possibly
# after being asked to log in to your Google
# account).
# 5. You will be redirected to a page that provides
# a code that you should copy and paste back into the
# terminal window, so this script can exchange it for
# an access token from Google, and store the token.
# That will be the token the other spreadsheet access
# code can use.
use Net::Google::DataAPI::Auth::OAuth2;
use Net::Google::Spreadsheets;
use Storable; #to save and restore token for future use
use Term::Prompt;
# Provide the filename in which we will store the access
# token. This file will also need to be readable by the
# other script that accesses the spreadsheet and parses
# the contents.
my $session_filename = "stored_google_access.session";
# Code for accessing your Google account. The required client_id
# and client_secret can be found in your Google Developer's console
# page, as described in the detailed instruction document. This
# block of code will also need to appear in the other script that
# accesses the spreadsheet.
# Be sure to edit the lines below to fill in your correct client
# id and client secret!
my $oauth2 = Net::Google::DataAPI::Auth::OAuth2->new(
client_id => 'your_client_id.apps.googleusercontent.com',
client_secret => 'your_client_secret',
scope => ['http://spreadsheets.google.com/feeds/'],
redirect_uri => 'https://developers.google.com/oauthplayground',
);
# We need to set these parameters this way in order to ensure
# that we get not only an access token, but also a refresh token
# that can be used to update it as needed.
my $url = $oauth2->authorize_url(access_type => 'offline',
approval_prompt => 'force');
# Give the user instructions on what to do:
print <<END
The following URL can be used to obtain an access token from
Google.
1. Copy the URL and paste it into a browser.
2. You may be asked to log into your Google account if you
were not logged in already in that browser. If so, go
ahead and log in to whatever account you want to have
access to the Google doc.
3. On the next page, click "Accept" when asked to grant access.
4. You will then be redirected to a page with a box in the
left-hand column labeled "Authorization code".
Copy the code in that box and come back here.
Here is the URL to paste in your browser to get the code:
$url
END
;
# Here is where we get the code from the user:
my $code = prompt('x', 'Paste the code obtained at the above URL here: ', '', '');
# Exchange the code for an access token:
my $token = $oauth2->get_access_token($code) or die;
# If we get to here, it worked! Report success:
print "\nToken obtained successfully!\n";
print "Here are the token contents (just FYI):\n\n";
print $token->to_string, "\n";
# Save the token for future use:
my $session = $token->session_freeze;
store($session, $session_filename);
print <<END2
Token successfully stored in file $session_filename.
Use that filename in your spreadsheet-access script to
load the token as needed for access to the spreadsheet data.
END2
;
一旦你开始工作并将令牌存储在磁盘上,那么你的批处理脚本的开头就可以像这样设置电子表格访问:
use Net::Google::Spreadsheets;
use Net::Google::DataAPI::Auth::OAuth2;
use Net::OAuth2::AccessToken;
use Storable;
# Authentication code based on example from gist at
# https://gist.github.com/hexaddikt/6738247
# Get the token that we saved previously in order to authenticate:
my $session_filename = "stored_google_access.session";
# Be sure to edit the lines below to fill in your correct client
# id and client secret!
my $oauth2 = Net::Google::DataAPI::Auth::OAuth2->new(
client_id => 'your_client_id.apps.googleusercontent.com',
client_secret => 'your_client_secret',
scope => ['http://spreadsheets.google.com/feeds/'],
redirect_uri => 'https://developers.google.com/oauthplayground',
);
# Deserialize the file so we can thaw the session and reuse the refresh token
my $session = retrieve($sessionfile);
my $restored_token = Net::OAuth2::AccessToken->session_thaw($session,
auto_refresh => 1,
profile => $oauth2->oauth2_webserver,
);
$oauth2->access_token($restored_token);
# Now we can use this token to access the spreadsheets
# in our account:
my $service = Net::Google::Spreadsheets->new(
auth => $oauth2);