如何使用带有GAS的UrlFetchApp获取访问令牌

时间:2012-06-16 13:17:13

标签: oauth-2.0 google-apps-script google-sites

我正在学习如何将REST端点与Google Apps脚本(GAS)结合使用,并希望获得访问令牌,如示例here

我正在使用Google协作平台,这是脚本

function doGet(e) {
  var app = UiApp.createApplication().setTitle('test OAuth 2.0');

  var mainPanel = app.createVerticalPanel();
  app.add(mainPanel);

  var url = "https://accounts.google.com/o/oauth2/auth" + 
                     "?scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile" +
                     "&state=/profile" +
                     "&redirect_uri=http://<mySite>.com/gas/home/oauth2apis" +
                     "&response_type=token" +
                     "&client_id=812741506391.apps.googleusercontent.com" +
                     "&approval_prompt=force";
  Logger.log("encodeURI(url):"+encodeURI(url));

  try{
    var response = UrlFetchApp.fetch(encodeURI(url));
  }catch(e){
    Logger.log("caught this:" + e);
  }

  Logger.log("Response code:"+response.getResponseCode());
  Logger.log("X-Auto-Login Response code:"+response.getHeaders());

  var returned = app.createTextArea().setHeight(600).setValue(response.getContentText());
  mainPanel.add(returned);
  return app;
}

和Logger.log

Response code:200
X-Auto-Login Response code:({'Cache-control':"no-cache, no-store", Expires:"Mon, 01-Jan-1990 00:00:00 GMT", 'X-XSS-Protection':"1; mode=block", 'Set-Cookie':"GALX=m0d9oxyH-kQ;Path=/;Secure", 'X-Google-Cache-Control':"remote-fetch", Server:"GSE", Pragma:"no-cache", 'X-Content-Type-Options':"nosniff", 'X-Frame-Options':"Deny", 'X-Auto-Login':"realm=com.google&args=service%3Dlso%26continue%3Dhttps%253A%252F%252Faccounts.google.com%252Fo%252Foauth2%252Fauth%253Fresponse_type%253Dtoken%2526scope%253Dhttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fuserinfo.email%252Bhttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fuserinfo.profile%2526redirect_uri%253Dhttp%253A%252F%252F<mySite>.com%252Fgas%252Fhome%252Foauth2apis%2526approval_prompt%253Dforce%2526state%253D%252Fprofile%2526client_id%253D812741506391.apps.googleusercontent.com%2526hl%253Den-US%2526from_login%253D1%2526as%253D6991e98fb6d20df3", 'Strict-Transport-Security':"max-age=2592000; includeSubDomains", Date:"Sat, 16 Jun 2012 12:46:26 GMT", Via:"HTTP/1.1 GWA", 'Content-Type':"text/html; charset=UTF-8"})

mySite已映射并位于dns。

看起来它正在尝试进行重定向(这对我对OAuth的理解有限,但是返回代码是200而重定向是302?

我可以使用urlFetchApp获取访问令牌吗?

1 个答案:

答案 0 :(得分:12)

您的应用无法检索您尝试检索的网址 - 您需要将最终用户重定向到该网址。然后,最终用户授予您的应用访问其数据的权限,然后Google会将用户重定向回您的应用。

由于我不相信Google提供从Google Apps脚本运行客户端JavaScript的功能,因此您将需要使用Web服务器(授权代码)流程。这意味着当用户重定向回您的应用时,该URL将包含授权代码。然后,您从Apps脚本向OAuth 2.0令牌端点执行服务器到服务器请求,以交换OAuth访问令牌的授权代码。

这是一些示例代码(没有正确的错误处理等等但它运行):

function doGet(e) {
  var scriptUri = "https://docs.google.com/macros/s/AKfycbzg1LZIqKlKu5f7TtRL4VuleEjExXVCEqH15fI3/exec";
  var clientId = "764634415739.apps.googleusercontent.com";
  var clientSecret = "XXXXXXX-YYYYYYYYY";
  var scope = "https://www.googleapis.com/auth/plus.me";


  var app = UiApp.createApplication().setTitle("");
  var div = app.createVerticalPanel();

  if (e.parameter && e.parameter.code) {
    var redirectUri = scriptUri;
    var tokenEndpoint = "https://accounts.google.com/o/oauth2/token";

    var postPayload = {
      "code" : e.parameter.code,
      "client_id" : clientId,
      "client_secret" : clientSecret,
      "redirect_uri" : redirectUri,
      "grant_type" : "authorization_code"
    };

     var options = {
      "method" : "post",
      "payload" : postPayload
    };

    // do a URL fetch to POST the authorization code to google
    // and get an access token back
    var response = UrlFetchApp.fetch(tokenEndpoint, options);
    var tokenData  = Utilities.jsonParse(response.getContentText());

    // call the Google+ API and get response
    var plusOptions = {
      "headers" : {
        "Authorization" : "Bearer " + tokenData.access_token
      }
    };
    var plusResponse = UrlFetchApp.fetch(
      "https://www.googleapis.com/plus/v1/people/me", plusOptions);
    var plusData = Utilities.jsonParse(plusResponse.getContentText());

    div.add(app.createLabel(plusData.displayName));
    div.add(app.createLabel(plusData.url));

  } else {
    // ask user to go over to Google to grant access
    var redirectUri = scriptUri;
    var url1 = "https://accounts.google.com/o/oauth2/auth?client_id=" + clientId + 
        "%26response_type=code" +
        "%26scope=" + scope +
        "%26redirect_uri=" + redirectUri; 
    div.add(app.createAnchor('Grant data access at Google',url1));   
  }
  app.add(div);


  return app;
}

以下是行动中的代码: https://docs.google.com/macros/s/AKfycbzg1LZIqKlKu5f7TtRL4VuleEjExXVCEqH15fI3/exec