OAuth2 库产生 属性 存储配额错误
OAuth2 Library Yields Property Storage Quota Error
我有一个使用 Google's OAuth2 library 的脚本,该脚本最近开始失败并出现错误
You have exceeded the property storage quota. Please remove some properties and try again.
我检查了属性,没有发现与我的原始配置有任何意外差异。我的属性的完整字符串化文本长度约为 5000 个字符,远低于 500kB/property store quota 和最长的单个 属性 ~2500 个字符(低于 9kB/值配额)。
我发现只有当我使用 Google's OAuth2 library 服务帐户时才会出现此错误。但是,如果我直接在我的项目中包含 库 dist,错误就会消失。
如果库和本地副本看起来是相同的版本,为什么属性服务的行为方式不同?
(在我将 OAuth2 库与标准授权代码授予流程一起使用的其他脚本中,我没有遇到任何问题。)
此脚本将重现错误,但需要您 create a service account 并设置正确的脚本属性,如 getAdminDirectory_() 中所定义。 (使用 Rhino 解释器。)
/**
* Get a GSuite User.
*/
function getUser() {
var email = "name@exampledomain.com";
var user = AdminDirectory_getUser_(email);
Logger.log(user);
}
/**
* Gets a user from the GSuite organization by their email address.
* @returns {User} - https://developers.google.com/admin-sdk/directory/v1/reference/users#resource
*/
function AdminDirectory_getUser_(email) {
var service = getAdminDirectory_();
if (service.hasAccess()) {
var url = "https://www.googleapis.com/admin/directory/v1/users/" + email;
var options = {
method: "get",
headers: {
Authorization: "Bearer " + service.getAccessToken()
}
};
var response = UrlFetchApp.fetch(url, options);
var result = JSON.parse(response.getContentText());
return result;
} else {
throw service.getLastError();
}
}
/**
* Configures the service.
*/
function getAdminDirectory_() {
// Get service account from properties
var scriptProperties = PropertiesService.getScriptProperties();
var serviceAccount = JSON.parse(scriptProperties.getProperty("service_account"));
// Email address of the user to impersonate.
var user_email = scriptProperties.getProperty("service_account_user");
return OAuth2.createService("AdminDirectory:" + user_email)
// Set the endpoint URL.
.setTokenUrl("https://oauth2.googleapis.com/token")
// Set the private key and issuer.
.setPrivateKey(serviceAccount.private_key)
.setIssuer(serviceAccount.client_email)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
.setSubject(user_email)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(scriptProperties)
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope("https://www.googleapis.com/auth/admin.directory.user");
}
这似乎是一个已知问题。考虑在 this issue to let Google developers know that you're affected. Consider adding a comment to the tracker with details requested from #7
中添加一颗星(在左上角)
可能的解决方案:
正如问题中所说,直接使用library code by copy pasting而不是使用有问题的库功能。
切换到 v8-#21
等待random/Auto解析-#14
我有一个使用 Google's OAuth2 library 的脚本,该脚本最近开始失败并出现错误
You have exceeded the property storage quota. Please remove some properties and try again.
我检查了属性,没有发现与我的原始配置有任何意外差异。我的属性的完整字符串化文本长度约为 5000 个字符,远低于 500kB/property store quota 和最长的单个 属性 ~2500 个字符(低于 9kB/值配额)。
我发现只有当我使用 Google's OAuth2 library 服务帐户时才会出现此错误。但是,如果我直接在我的项目中包含 库 dist,错误就会消失。
如果库和本地副本看起来是相同的版本,为什么属性服务的行为方式不同?
(在我将 OAuth2 库与标准授权代码授予流程一起使用的其他脚本中,我没有遇到任何问题。)
此脚本将重现错误,但需要您 create a service account 并设置正确的脚本属性,如 getAdminDirectory_() 中所定义。 (使用 Rhino 解释器。)
/**
* Get a GSuite User.
*/
function getUser() {
var email = "name@exampledomain.com";
var user = AdminDirectory_getUser_(email);
Logger.log(user);
}
/**
* Gets a user from the GSuite organization by their email address.
* @returns {User} - https://developers.google.com/admin-sdk/directory/v1/reference/users#resource
*/
function AdminDirectory_getUser_(email) {
var service = getAdminDirectory_();
if (service.hasAccess()) {
var url = "https://www.googleapis.com/admin/directory/v1/users/" + email;
var options = {
method: "get",
headers: {
Authorization: "Bearer " + service.getAccessToken()
}
};
var response = UrlFetchApp.fetch(url, options);
var result = JSON.parse(response.getContentText());
return result;
} else {
throw service.getLastError();
}
}
/**
* Configures the service.
*/
function getAdminDirectory_() {
// Get service account from properties
var scriptProperties = PropertiesService.getScriptProperties();
var serviceAccount = JSON.parse(scriptProperties.getProperty("service_account"));
// Email address of the user to impersonate.
var user_email = scriptProperties.getProperty("service_account_user");
return OAuth2.createService("AdminDirectory:" + user_email)
// Set the endpoint URL.
.setTokenUrl("https://oauth2.googleapis.com/token")
// Set the private key and issuer.
.setPrivateKey(serviceAccount.private_key)
.setIssuer(serviceAccount.client_email)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
.setSubject(user_email)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(scriptProperties)
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope("https://www.googleapis.com/auth/admin.directory.user");
}
这似乎是一个已知问题。考虑在 this issue to let Google developers know that you're affected. Consider adding a comment to the tracker with details requested from #7
中添加一颗星(在左上角)可能的解决方案:
正如问题中所说,直接使用library code by copy pasting而不是使用有问题的库功能。
切换到 v8-#21
等待random/Auto解析-#14