是否可以使用 json 密钥而不是 p12 密钥来获取服务帐户凭据?
Is it possible to use json key instead of p12 key for service account credentials?
我正在使用 "Google.Apis.Bigquery.v2 Client Library" 和 C#。
我正在使用 "Service Account" 授权 Google BigQuery(参见 http://www.afterlogic.com/mailbee-net/docs/OAuth2GoogleServiceAccounts.html)。要创建 X509 证书,我使用 Google 开发者控制台中的 p12 密钥。但是,现在 json 键是默认键。我可以用它代替 p12 密钥吗?
我有以下代码:
string serviceAccountEmail = "xxxx@developer.gserviceaccount.com";
X509Certificate2 certificate;
using (Stream stream = new FileStream(@"C:\key.p12", FileMode.Open, FileAccess.Read, FileShare.Read))
{
using (MemoryStream ms = new MemoryStream())
{
stream.CopyTo(ms);
certificate = new X509Certificate2(ms.ToArray(), "notasecret", X509KeyStorageFlags.Exportable);
}
}
// Create credentials
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] {
BigqueryService.Scope.Bigquery,
BigqueryService.Scope.CloudPlatform,
},
}.FromCertificate(certificate));
// Create the service
BaseClientService.Initializer initializer = new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "My Application",
GZipEnabled = true,
};
BigqueryService service = new BigqueryService(initializer);
var projects = service.Projects.List().Execute();
我得到了 link,这表明 C# 应用程序中使用 JSON 文件的服务帐户身份验证尚未添加到 Google BigQuery API 中.
https://github.com/google/google-api-dotnet-client/issues/533
现在可以(我使用了 Google API 的 v 1.13.1.0)。
BigQuery 示例:
GoogleCredential credential;
using (Stream stream = new FileStream(@"C:\mykey.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential = GoogleCredential.FromStream(stream);
}
string[] scopes = new string[] {
BigqueryService.Scope.Bigquery,
BigqueryService.Scope.CloudPlatform,
};
credential = credential.CreateScoped(scopes);
BaseClientService.Initializer initializer = new BaseClientService.Initializer()
{
HttpClientInitializer = (IConfigurableHttpClientInitializer)credential,
ApplicationName = "My Application",
GZipEnabled = true,
};
BigqueryService service = new BigqueryService(initializer);
Google 工作表示例:
GoogleCredential credential;
using (Stream stream = new FileStream(@"mykey.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential = GoogleCredential.FromStream(stream);
}
credential = credential.CreateScoped(new[] {
"https://spreadsheets.google.com/feeds",
"https://docs.google.com/feeds" });
string bearer;
try
{
Task<string> task = ((ITokenAccess)credential).GetAccessTokenForRequestAsync();
task.Wait();
bearer = task.Result;
}
catch (AggregateException ex)
{
throw ex.InnerException;
}
GDataRequestFactory requestFactory = new GDataRequestFactory("My Application");
requestFactory.CustomHeaders.Add(string.Format(CultureInfo.InvariantCulture, "Authorization: Bearer {0}", bearer));
SpreadsheetsService service = new SpreadsheetsService("My Application");
service.RequestFactory = requestFactory;
这对我有用:
var scopes = new[] { DriveService.Scope.Drive };
ServiceAccountCredential credential;
using (Stream stream = new FileStream(@"C:\path\key.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential =
GoogleCredential.FromStream(stream).CreateScoped(scopes).UnderlyingCredential as
ServiceAccountCredential;
}
显然,您将为 scopes 变量和密钥文件的路径提供自己的值。您还需要获取 Google.Apis.Auth.OAuth2 Nuget 包以及您计划使用凭据的任何其他服务特定包(在我的例子中是 Google.Apis.Drive.v3)。
我正在使用 "Google.Apis.Bigquery.v2 Client Library" 和 C#。
我正在使用 "Service Account" 授权 Google BigQuery(参见 http://www.afterlogic.com/mailbee-net/docs/OAuth2GoogleServiceAccounts.html)。要创建 X509 证书,我使用 Google 开发者控制台中的 p12 密钥。但是,现在 json 键是默认键。我可以用它代替 p12 密钥吗?
我有以下代码:
string serviceAccountEmail = "xxxx@developer.gserviceaccount.com";
X509Certificate2 certificate;
using (Stream stream = new FileStream(@"C:\key.p12", FileMode.Open, FileAccess.Read, FileShare.Read))
{
using (MemoryStream ms = new MemoryStream())
{
stream.CopyTo(ms);
certificate = new X509Certificate2(ms.ToArray(), "notasecret", X509KeyStorageFlags.Exportable);
}
}
// Create credentials
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] {
BigqueryService.Scope.Bigquery,
BigqueryService.Scope.CloudPlatform,
},
}.FromCertificate(certificate));
// Create the service
BaseClientService.Initializer initializer = new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "My Application",
GZipEnabled = true,
};
BigqueryService service = new BigqueryService(initializer);
var projects = service.Projects.List().Execute();
我得到了 link,这表明 C# 应用程序中使用 JSON 文件的服务帐户身份验证尚未添加到 Google BigQuery API 中.
https://github.com/google/google-api-dotnet-client/issues/533
现在可以(我使用了 Google API 的 v 1.13.1.0)。
BigQuery 示例:
GoogleCredential credential;
using (Stream stream = new FileStream(@"C:\mykey.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential = GoogleCredential.FromStream(stream);
}
string[] scopes = new string[] {
BigqueryService.Scope.Bigquery,
BigqueryService.Scope.CloudPlatform,
};
credential = credential.CreateScoped(scopes);
BaseClientService.Initializer initializer = new BaseClientService.Initializer()
{
HttpClientInitializer = (IConfigurableHttpClientInitializer)credential,
ApplicationName = "My Application",
GZipEnabled = true,
};
BigqueryService service = new BigqueryService(initializer);
Google 工作表示例:
GoogleCredential credential;
using (Stream stream = new FileStream(@"mykey.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential = GoogleCredential.FromStream(stream);
}
credential = credential.CreateScoped(new[] {
"https://spreadsheets.google.com/feeds",
"https://docs.google.com/feeds" });
string bearer;
try
{
Task<string> task = ((ITokenAccess)credential).GetAccessTokenForRequestAsync();
task.Wait();
bearer = task.Result;
}
catch (AggregateException ex)
{
throw ex.InnerException;
}
GDataRequestFactory requestFactory = new GDataRequestFactory("My Application");
requestFactory.CustomHeaders.Add(string.Format(CultureInfo.InvariantCulture, "Authorization: Bearer {0}", bearer));
SpreadsheetsService service = new SpreadsheetsService("My Application");
service.RequestFactory = requestFactory;
这对我有用:
var scopes = new[] { DriveService.Scope.Drive };
ServiceAccountCredential credential;
using (Stream stream = new FileStream(@"C:\path\key.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential =
GoogleCredential.FromStream(stream).CreateScoped(scopes).UnderlyingCredential as
ServiceAccountCredential;
}
显然,您将为 scopes 变量和密钥文件的路径提供自己的值。您还需要获取 Google.Apis.Auth.OAuth2 Nuget 包以及您计划使用凭据的任何其他服务特定包(在我的例子中是 Google.Apis.Drive.v3)。