是否可以使用 JWT 令牌从 Google Fitness REST API 中检索数据以进行身份验证?
Can data be retrieved from the Google Fitness REST API using a JWT token to authenticate?
对我之前提出的错误问题表示歉意。
我正在尝试编写一个独立的 NodeJS 应用程序,它从 Google Fit REST API 检索 activity 数据并将其写入本地作为 json 文件。该应用程序将 运行 在无头 raspberry pi 上无人值守,因此没有“浏览器弹出窗口”windows 以便使用 Google 帐户进行身份验证。
我激活了我的 Google Fit API 并创建了服务帐户凭据。在此示例中,我的密钥存储为 MY_KEY.json。现在使用 googleapis 库,我创建了一个使用 MY_KEY.json 签名的 JWT 令牌,并在发送我的请求时使用它进行身份验证。
我收到 API 的回复,但数据为空。 (我知道有数据,因为在具有传统 oauth2 流的浏览器中执行类似的请求 returns 我所有的 activity 数据会话。我想知道是否允许使用服务帐户使用 JWT 令牌进行身份验证以进行健身数据?
这是我的代码:
'use strict';
const {google, fitness_v1} = require('googleapis');
const path = require('path');
const fs = require('fs');
async function runSample() {
// Create a new JWT client using the key file downloaded from the Google Developer Console
const auth = new google.auth.GoogleAuth({
keyFile: path.join(__dirname, 'MY_KEY.json'),
scopes: 'https://www.googleapis.com/auth/fitness.activity.read',
});
const client = await auth.getClient();
// Obtain a new fitness client, making sure you pass along the auth client
const fitness_v1 = google.fitness({
version: 'v1',
auth: client
});
//console.log(client);
const res = await fitness_v1.users.sessions.list({
"userId": "me"
});
fs.writeFile('session.json', JSON.stringify(res.data, null, 4), (err) => {
if (err) {
throw err;
}
console.log("Retrieved sessions are saved as JSON.");
});
console.log(res.data);
return res.data;
}
if (module === require.main) {
runSample().catch(console.error);
}
// Exports for unit testing purposes
module.exports = {runSample};
响应是:
{
session: [],
deletedSession: [],
nextPageToken: 'XmRh96blablablan4yFjZQ'
}
应该是:
{
"session": [
{
"id": "healthkit-D7B3AC93-3739-4E04-978A-C53599D8401E",
"name": "Uni",
"description": "",
"startTimeMillis": "1645651234280",
"endTimeMillis": "1645676584280",
"modifiedTimeMillis": "1645676989684",
"application": {
"packageName": "com.apple.workout",
"version": "",
"detailsUrl": ""
},
"activityType": 72
},
{
"id": "healthkit-3691B45B-9D51-4C14-ACC6-EC9DB48B5F23",
"name": "Juoksu",
"description": "",
"startTimeMillis": "1647073527249",
"endTimeMillis": "1647075778248",
"modifiedTimeMillis": "1647076769108",
"application": {
"packageName": "runkeeperpro",
"version": "",
"detailsUrl": ""
},
"activityType": 56
}
],
"deletedSession": [],
"nextPageToken": "XmRh96blablablan4yFjZQ"
}
有什么建议吗?提前致谢。
根据Addendum: Service account authorization without OAuth:
With some Google APIs, you can make authorized API calls using a signed JWT directly as a bearer token, rather than an OAuth 2.0 access token. (snip)
If the API you want to call has a service definition published in the Google APIs GitHub repository, you can make authorized API calls using a JWT instead of an access token.
Fit 没有这样的服务定义,所以很遗憾,答案是您不能使用 JWT。
对我之前提出的错误问题表示歉意。
我正在尝试编写一个独立的 NodeJS 应用程序,它从 Google Fit REST API 检索 activity 数据并将其写入本地作为 json 文件。该应用程序将 运行 在无头 raspberry pi 上无人值守,因此没有“浏览器弹出窗口”windows 以便使用 Google 帐户进行身份验证。
我激活了我的 Google Fit API 并创建了服务帐户凭据。在此示例中,我的密钥存储为 MY_KEY.json。现在使用 googleapis 库,我创建了一个使用 MY_KEY.json 签名的 JWT 令牌,并在发送我的请求时使用它进行身份验证。
我收到 API 的回复,但数据为空。 (我知道有数据,因为在具有传统 oauth2 流的浏览器中执行类似的请求 returns 我所有的 activity 数据会话。我想知道是否允许使用服务帐户使用 JWT 令牌进行身份验证以进行健身数据?
这是我的代码:
'use strict';
const {google, fitness_v1} = require('googleapis');
const path = require('path');
const fs = require('fs');
async function runSample() {
// Create a new JWT client using the key file downloaded from the Google Developer Console
const auth = new google.auth.GoogleAuth({
keyFile: path.join(__dirname, 'MY_KEY.json'),
scopes: 'https://www.googleapis.com/auth/fitness.activity.read',
});
const client = await auth.getClient();
// Obtain a new fitness client, making sure you pass along the auth client
const fitness_v1 = google.fitness({
version: 'v1',
auth: client
});
//console.log(client);
const res = await fitness_v1.users.sessions.list({
"userId": "me"
});
fs.writeFile('session.json', JSON.stringify(res.data, null, 4), (err) => {
if (err) {
throw err;
}
console.log("Retrieved sessions are saved as JSON.");
});
console.log(res.data);
return res.data;
}
if (module === require.main) {
runSample().catch(console.error);
}
// Exports for unit testing purposes
module.exports = {runSample};
响应是:
{
session: [],
deletedSession: [],
nextPageToken: 'XmRh96blablablan4yFjZQ'
}
应该是:
{
"session": [
{
"id": "healthkit-D7B3AC93-3739-4E04-978A-C53599D8401E",
"name": "Uni",
"description": "",
"startTimeMillis": "1645651234280",
"endTimeMillis": "1645676584280",
"modifiedTimeMillis": "1645676989684",
"application": {
"packageName": "com.apple.workout",
"version": "",
"detailsUrl": ""
},
"activityType": 72
},
{
"id": "healthkit-3691B45B-9D51-4C14-ACC6-EC9DB48B5F23",
"name": "Juoksu",
"description": "",
"startTimeMillis": "1647073527249",
"endTimeMillis": "1647075778248",
"modifiedTimeMillis": "1647076769108",
"application": {
"packageName": "runkeeperpro",
"version": "",
"detailsUrl": ""
},
"activityType": 56
}
],
"deletedSession": [],
"nextPageToken": "XmRh96blablablan4yFjZQ"
}
有什么建议吗?提前致谢。
根据Addendum: Service account authorization without OAuth:
With some Google APIs, you can make authorized API calls using a signed JWT directly as a bearer token, rather than an OAuth 2.0 access token. (snip)
If the API you want to call has a service definition published in the Google APIs GitHub repository, you can make authorized API calls using a JWT instead of an access token.
Fit 没有这样的服务定义,所以很遗憾,答案是您不能使用 JWT。