Gmail Api 请求的身份验证范围不足
Gmail Api Request had insufficient authentication scopes
我正在尝试使用 Gmail API 阅读电子邮件,但我遇到了 权限不足 问题。
注意:我已将范围设置为阅读电子邮件。
ManiFestFile.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.hatsoff.glogin">
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/Theme.GLogin">
<activity
android:name=".MainActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
我已创建 GoogleSignInOptions
以动态获取电子邮件地址或用户。
//assign googleAuth
googleAuth = new GoogleAuth();
// request for google email
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(new Scope(Scopes.DRIVE_APPFOLDER))
.requestIdToken(getString(R.string.server_client_id))
.requestServerAuthCode(getString(R.string.server_client_id))
.requestEmail()
.build();
// google_signing object to store gso.
mGoogleSignInClient = GoogleSignIn.getClient(getApplicationContext(), gso);
当用户 select 来自 gsoGoogleSignInOptions 对话框的 GoogleAccount 时调用此 someActivityResultLauncher。
//google Dialog click event
someActivityResultLauncher = registerForActivityResult(
new ActivityResultContracts.StartActivityForResult(),
new ActivityResultCallback<ActivityResult>() {
@Override
public void onActivityResult(ActivityResult result) {
if (result.getResultCode() == RESULT_OK) {
System.out.println("ActivityResult: " + result.getResultCode());
Intent data = result.getData();
Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);
authCode = googleAuth.handleSignInResult(task);
if (authCode != null) {
// Signed in successfully
// save AuthCode to sharedPref
}
} else {
System.out.println("ActivityResult: " + result.getResultCode());
}
}
});
为了获取 AccessToken,我正在使用 GoogleTokenResponse
。
阅读邮件class
public class ReadMails extends AsyncTask<String, Void, String> {
@Override
protected String doInBackground(String... strings) {
SharedPreferences AuthCodePre = getSharedPreferences("oAuth", MODE_PRIVATE);
if (!AuthCodePre.getString("Auth", "").equals("")) {
try {
String MailBody = "";
// Load client secrets.
AssetManager am = getAssets();
InputStream in = am.open("credentials.json");
if (in == null) {
throw new FileNotFoundException("Resource not found: " + in);
}
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
final NetHttpTransport HTTP_TRANSPORT = new com.google.api.client.http.javanet.NetHttpTransport();
GoogleTokenResponse tokenResponse =
new GoogleAuthorizationCodeTokenRequest(
HTTP_TRANSPORT,
JSON_FACTORY,
"https://oauth2.googleapis.com/token",
clientSecrets.getDetails().getClientId(),
clientSecrets.getDetails().getClientSecret(),
AuthCodePre.getString("Auth", ""),
"http://localhost")
.setScopes(Arrays.asList(SCOPES))
.execute();
String accessToken = tokenResponse.getAccessToken();
// Use access token to call API
Credential credential = new GoogleCredential.Builder().setTransport(new com.google.api.client.http.javanet.NetHttpTransport())
.setJsonFactory(JSON_FACTORY)
.setClientSecrets(clientSecrets.getDetails().getClientId(), clientSecrets.getDetails().getClientSecret())
.build()
.setAccessToken(accessToken);
// Build a new authorized API client service.
Gmail service = new Gmail.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance(), credential)
.setApplicationName(APPLICATION_NAME)
.build();
//Access gmail inbox
Gmail.Users.Messages.List RequestList = service.users().messages().list(user).setQ("from:abcd@gmail.com");
ListMessagesResponse listMessagesResponse = RequestList.setMaxResults(100L).execute();
RequestList.setPageToken(listMessagesResponse.getNextPageToken());
//Get id of search email
for (int i = 0; i < listMessagesResponse.getMessages().size(); i++) {
String SEmailID = listMessagesResponse.getMessages().get(i).getId();
com.google.api.services.gmail.model.Message message = service.users().messages().get(user, SEmailID).execute();
//read email body
MessagePart msgpart = message.getPayload();
List<MessagePart> bodyParts = new ArrayList<>();
bodyParts.add(msgpart);
for (int j = 0; j < bodyParts.size(); j++) {
MailBody = StringUtils.newStringUtf8(Base64.decodeBase64(bodyParts.get(j).getBody().getData()));
}
System.out.println("EmailBody:==> " + MailBody);
}
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
} else {
//signIn
someActivityResultLauncher.launch(mGoogleSignInClient.getSignInIntent());
}
return null;
}
}
GoogleAuth.java
public class GoogleAuth {
public String handleSignInResult(Task<GoogleSignInAccount> completedTask) {
try {
GoogleSignInAccount account = completedTask.getResult(ApiException.class);
System.out.println("ServerAuthCode: " + account.getServerAuthCode());
return account.getServerAuthCode();
} catch (ApiException e) {
System.out.println("getStatusCode: " + e);
return null;
}
}
}
错误日志
W/System.err: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Insufficient Permission",
W/System.err: "reason" : "insufficientPermissions"
} ],
"message" : "Request had insufficient authentication scopes.",
"status" : "PERMISSION_DENIED"
}
此行出错:ListMessagesResponse listMessagesResponse = RequestList.setMaxResults(100L).execute();
您已通过
授权您的申请
Scope(Scopes.DRIVE_APPFOLDER)
User.message.list 需要以下范围之一
将范围更改为适当的范围并让您的用户重新授权您的应用程序。同意屏幕需要在用户运行应用程序时显示新范围。
我正在尝试使用 Gmail API 阅读电子邮件,但我遇到了 权限不足 问题。
注意:我已将范围设置为阅读电子邮件。
ManiFestFile.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.hatsoff.glogin">
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/Theme.GLogin">
<activity
android:name=".MainActivity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
我已创建 GoogleSignInOptions
以动态获取电子邮件地址或用户。
//assign googleAuth
googleAuth = new GoogleAuth();
// request for google email
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestScopes(new Scope(Scopes.DRIVE_APPFOLDER))
.requestIdToken(getString(R.string.server_client_id))
.requestServerAuthCode(getString(R.string.server_client_id))
.requestEmail()
.build();
// google_signing object to store gso.
mGoogleSignInClient = GoogleSignIn.getClient(getApplicationContext(), gso);
当用户 select 来自 gsoGoogleSignInOptions 对话框的 GoogleAccount 时调用此 someActivityResultLauncher。
//google Dialog click event
someActivityResultLauncher = registerForActivityResult(
new ActivityResultContracts.StartActivityForResult(),
new ActivityResultCallback<ActivityResult>() {
@Override
public void onActivityResult(ActivityResult result) {
if (result.getResultCode() == RESULT_OK) {
System.out.println("ActivityResult: " + result.getResultCode());
Intent data = result.getData();
Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);
authCode = googleAuth.handleSignInResult(task);
if (authCode != null) {
// Signed in successfully
// save AuthCode to sharedPref
}
} else {
System.out.println("ActivityResult: " + result.getResultCode());
}
}
});
为了获取 AccessToken,我正在使用 GoogleTokenResponse
。
阅读邮件class
public class ReadMails extends AsyncTask<String, Void, String> {
@Override
protected String doInBackground(String... strings) {
SharedPreferences AuthCodePre = getSharedPreferences("oAuth", MODE_PRIVATE);
if (!AuthCodePre.getString("Auth", "").equals("")) {
try {
String MailBody = "";
// Load client secrets.
AssetManager am = getAssets();
InputStream in = am.open("credentials.json");
if (in == null) {
throw new FileNotFoundException("Resource not found: " + in);
}
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
final NetHttpTransport HTTP_TRANSPORT = new com.google.api.client.http.javanet.NetHttpTransport();
GoogleTokenResponse tokenResponse =
new GoogleAuthorizationCodeTokenRequest(
HTTP_TRANSPORT,
JSON_FACTORY,
"https://oauth2.googleapis.com/token",
clientSecrets.getDetails().getClientId(),
clientSecrets.getDetails().getClientSecret(),
AuthCodePre.getString("Auth", ""),
"http://localhost")
.setScopes(Arrays.asList(SCOPES))
.execute();
String accessToken = tokenResponse.getAccessToken();
// Use access token to call API
Credential credential = new GoogleCredential.Builder().setTransport(new com.google.api.client.http.javanet.NetHttpTransport())
.setJsonFactory(JSON_FACTORY)
.setClientSecrets(clientSecrets.getDetails().getClientId(), clientSecrets.getDetails().getClientSecret())
.build()
.setAccessToken(accessToken);
// Build a new authorized API client service.
Gmail service = new Gmail.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance(), credential)
.setApplicationName(APPLICATION_NAME)
.build();
//Access gmail inbox
Gmail.Users.Messages.List RequestList = service.users().messages().list(user).setQ("from:abcd@gmail.com");
ListMessagesResponse listMessagesResponse = RequestList.setMaxResults(100L).execute();
RequestList.setPageToken(listMessagesResponse.getNextPageToken());
//Get id of search email
for (int i = 0; i < listMessagesResponse.getMessages().size(); i++) {
String SEmailID = listMessagesResponse.getMessages().get(i).getId();
com.google.api.services.gmail.model.Message message = service.users().messages().get(user, SEmailID).execute();
//read email body
MessagePart msgpart = message.getPayload();
List<MessagePart> bodyParts = new ArrayList<>();
bodyParts.add(msgpart);
for (int j = 0; j < bodyParts.size(); j++) {
MailBody = StringUtils.newStringUtf8(Base64.decodeBase64(bodyParts.get(j).getBody().getData()));
}
System.out.println("EmailBody:==> " + MailBody);
}
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
} else {
//signIn
someActivityResultLauncher.launch(mGoogleSignInClient.getSignInIntent());
}
return null;
}
}
GoogleAuth.java
public class GoogleAuth {
public String handleSignInResult(Task<GoogleSignInAccount> completedTask) {
try {
GoogleSignInAccount account = completedTask.getResult(ApiException.class);
System.out.println("ServerAuthCode: " + account.getServerAuthCode());
return account.getServerAuthCode();
} catch (ApiException e) {
System.out.println("getStatusCode: " + e);
return null;
}
}
}
错误日志
W/System.err: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Insufficient Permission",
W/System.err: "reason" : "insufficientPermissions"
} ],
"message" : "Request had insufficient authentication scopes.",
"status" : "PERMISSION_DENIED"
}
此行出错:ListMessagesResponse listMessagesResponse = RequestList.setMaxResults(100L).execute();
您已通过
授权您的申请Scope(Scopes.DRIVE_APPFOLDER)
User.message.list 需要以下范围之一
将范围更改为适当的范围并让您的用户重新授权您的应用程序。同意屏幕需要在用户运行应用程序时显示新范围。