使用服务帐户凭据通过 Google 人 api 访问 Gmail 联系人始终返回 null
Accessing Gmail contacts via the Google People api using service account credentials always returning null
无法使用以下代码访问 Gmail 联系人始终 returns 无效,所有 api 权限都授予帐户内的联系人
string jsonText = @"{""type"": ""service_account"",
""project_id"": """",
""private_key_id"": """",
""private_key"": """",
""client_email"": """",
""client_id"": """",
""auth_uri"": """",
""token_uri"": """",
""auth_provider_x509_cert_url"": """",
""client_x509_cert_url"": """"
}";
var credentialParameters = NewtonsoftJsonSerializer.Instance.Deserialize<JsonCredentialParameters>(jsonText);
//Credentials
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail)
{
User = credentialParameters.ClientEmail,
Scopes = new[] { "https://www.googleapis.com/auth/contacts.readonly", "https://www.googleapis.com/auth/contacts", "https://www.googleapis.com/auth/contacts.other.readonly " }
}.FromPrivateKey(credentialParameters.PrivateKey));
//accessToken
var accessToken = await credential.GetAccessTokenForRequestAsync();
// Create the service.
var service = new PeopleServiceService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
GoogleCredential googleCredentials = GoogleCredential.FromJson(jsonText);
var ser = new PeopleServiceService(new BaseClientService.Initializer()
{
HttpClientInitializer = googleCredentials,
});
// Get list of contacts
ConnectionsResource.ListRequest peopleRequest = ser.People.Connections.List("people/me");
peopleRequest.PersonFields = "names,emailAddresses";
ListConnectionsResponse response = peopleRequest.Execute();
IList<Person> people = response.Connections;
旁注:
Cannot access Gmail contacts
不清楚您使用的是标准 Gmail 帐户还是使用 Google Workspace。您应该知道,服务帐户不会与标准 Gmail 用户的联系人一起使用。没有工作空间就无法委托权限。
记住服务帐户不是您。服务帐户是虚拟用户。它返回 null 或空,因为您的服务帐户当前没有任何联系人。您需要添加一些。
但是,如果您尝试访问某个用户的联系人。
为了让服务帐户访问用户数据,您需要委托给该用户。尝试访问 Google 个联系人时,您需要通过您的工作区帐户。工作区管理员可以为您域中的用户设置 domain wide delegation 您想要访问其联系人的用户。
确保您已包含文档中所示的 Domain scope。
然后记得在初始化服务帐户时添加用户,这必须是您为其设置委派的域中的用户。
var serviceAccountCredentialInitializer = new ServiceAccountCredential.Initializer(serviceAccount)
{
User = gsuiteUser,
Scopes = new[] { GmailService.Scope.GmailSend, GmailService.Scope.GmailLabels }
}.FromCertificate(certificate);
无法使用以下代码访问 Gmail 联系人始终 returns 无效,所有 api 权限都授予帐户内的联系人
string jsonText = @"{""type"": ""service_account"",
""project_id"": """",
""private_key_id"": """",
""private_key"": """",
""client_email"": """",
""client_id"": """",
""auth_uri"": """",
""token_uri"": """",
""auth_provider_x509_cert_url"": """",
""client_x509_cert_url"": """"
}";
var credentialParameters = NewtonsoftJsonSerializer.Instance.Deserialize<JsonCredentialParameters>(jsonText);
//Credentials
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail)
{
User = credentialParameters.ClientEmail,
Scopes = new[] { "https://www.googleapis.com/auth/contacts.readonly", "https://www.googleapis.com/auth/contacts", "https://www.googleapis.com/auth/contacts.other.readonly " }
}.FromPrivateKey(credentialParameters.PrivateKey));
//accessToken
var accessToken = await credential.GetAccessTokenForRequestAsync();
// Create the service.
var service = new PeopleServiceService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
GoogleCredential googleCredentials = GoogleCredential.FromJson(jsonText);
var ser = new PeopleServiceService(new BaseClientService.Initializer()
{
HttpClientInitializer = googleCredentials,
});
// Get list of contacts
ConnectionsResource.ListRequest peopleRequest = ser.People.Connections.List("people/me");
peopleRequest.PersonFields = "names,emailAddresses";
ListConnectionsResponse response = peopleRequest.Execute();
IList<Person> people = response.Connections;
旁注:
Cannot access Gmail contacts
不清楚您使用的是标准 Gmail 帐户还是使用 Google Workspace。您应该知道,服务帐户不会与标准 Gmail 用户的联系人一起使用。没有工作空间就无法委托权限。
记住服务帐户不是您。服务帐户是虚拟用户。它返回 null 或空,因为您的服务帐户当前没有任何联系人。您需要添加一些。
但是,如果您尝试访问某个用户的联系人。
为了让服务帐户访问用户数据,您需要委托给该用户。尝试访问 Google 个联系人时,您需要通过您的工作区帐户。工作区管理员可以为您域中的用户设置 domain wide delegation 您想要访问其联系人的用户。
确保您已包含文档中所示的 Domain scope。
然后记得在初始化服务帐户时添加用户,这必须是您为其设置委派的域中的用户。
var serviceAccountCredentialInitializer = new ServiceAccountCredential.Initializer(serviceAccount)
{
User = gsuiteUser,
Scopes = new[] { GmailService.Scope.GmailSend, GmailService.Scope.GmailLabels }
}.FromCertificate(certificate);