我正在学习如何将REST端点与Google Apps脚本(GAS)结合使用,并希望获得访问令牌,如示例here
我正在使用Google协作平台,这是脚本
function doGet(e) {
var app = UiApp.createApplication().setTitle('test OAuth 2.0');
var mainPanel = app.createVerticalPanel();
app.add(mainPanel);
var url = "https://accounts.google.com/o/oauth2/auth" +
"?scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile" +
"&state=/profile" +
"&redirect_uri=http://<mySite>.com/gas/home/oauth2apis" +
"&response_type=token" +
"&client_id=812741506391.apps.googleusercontent.com" +
"&approval_prompt=force";
Logger.log("encodeURI(url):"+encodeURI(url));
try{
var response = UrlFetchApp.fetch(encodeURI(url));
}catch(e){
Logger.log("caught this:" + e);
}
Logger.log("Response code:"+response.getResponseCode());
Logger.log("X-Auto-Login Response code:"+response.getHeaders());
var returned = app.createTextArea().setHeight(600).setValue(response.getContentText());
mainPanel.add(returned);
return app;
}
和Logger.log
Response code:200
X-Auto-Login Response code:({'Cache-control':"no-cache, no-store", Expires:"Mon, 01-Jan-1990 00:00:00 GMT", 'X-XSS-Protection':"1; mode=block", 'Set-Cookie':"GALX=m0d9oxyH-kQ;Path=/;Secure", 'X-Google-Cache-Control':"remote-fetch", Server:"GSE", Pragma:"no-cache", 'X-Content-Type-Options':"nosniff", 'X-Frame-Options':"Deny", 'X-Auto-Login':"realm=com.google&args=service%3Dlso%26continue%3Dhttps%253A%252F%252Faccounts.google.com%252Fo%252Foauth2%252Fauth%253Fresponse_type%253Dtoken%2526scope%253Dhttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fuserinfo.email%252Bhttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fuserinfo.profile%2526redirect_uri%253Dhttp%253A%252F%252F<mySite>.com%252Fgas%252Fhome%252Foauth2apis%2526approval_prompt%253Dforce%2526state%253D%252Fprofile%2526client_id%253D812741506391.apps.googleusercontent.com%2526hl%253Den-US%2526from_login%253D1%2526as%253D6991e98fb6d20df3", 'Strict-Transport-Security':"max-age=2592000; includeSubDomains", Date:"Sat, 16 Jun 2012 12:46:26 GMT", Via:"HTTP/1.1 GWA", 'Content-Type':"text/html; charset=UTF-8"})
mySite已映射并位于dns。
看起来它正在尝试进行重定向(这对我对OAuth的理解有限,但是返回代码是200而重定向是302?
我可以使用urlFetchApp获取访问令牌吗?
答案 0 :(得分:12)
您的应用无法检索您尝试检索的网址 - 您需要将最终用户重定向到该网址。然后,最终用户授予您的应用访问其数据的权限,然后Google会将用户重定向回您的应用。
由于我不相信Google提供从Google Apps脚本运行客户端JavaScript的功能,因此您将需要使用Web服务器(授权代码)流程。这意味着当用户重定向回您的应用时,该URL将包含授权代码。然后,您从Apps脚本向OAuth 2.0令牌端点执行服务器到服务器请求,以交换OAuth访问令牌的授权代码。
这是一些示例代码(没有正确的错误处理等等但它运行):
function doGet(e) {
var scriptUri = "https://docs.google.com/macros/s/AKfycbzg1LZIqKlKu5f7TtRL4VuleEjExXVCEqH15fI3/exec";
var clientId = "764634415739.apps.googleusercontent.com";
var clientSecret = "XXXXXXX-YYYYYYYYY";
var scope = "https://www.googleapis.com/auth/plus.me";
var app = UiApp.createApplication().setTitle("");
var div = app.createVerticalPanel();
if (e.parameter && e.parameter.code) {
var redirectUri = scriptUri;
var tokenEndpoint = "https://accounts.google.com/o/oauth2/token";
var postPayload = {
"code" : e.parameter.code,
"client_id" : clientId,
"client_secret" : clientSecret,
"redirect_uri" : redirectUri,
"grant_type" : "authorization_code"
};
var options = {
"method" : "post",
"payload" : postPayload
};
// do a URL fetch to POST the authorization code to google
// and get an access token back
var response = UrlFetchApp.fetch(tokenEndpoint, options);
var tokenData = Utilities.jsonParse(response.getContentText());
// call the Google+ API and get response
var plusOptions = {
"headers" : {
"Authorization" : "Bearer " + tokenData.access_token
}
};
var plusResponse = UrlFetchApp.fetch(
"https://www.googleapis.com/plus/v1/people/me", plusOptions);
var plusData = Utilities.jsonParse(plusResponse.getContentText());
div.add(app.createLabel(plusData.displayName));
div.add(app.createLabel(plusData.url));
} else {
// ask user to go over to Google to grant access
var redirectUri = scriptUri;
var url1 = "https://accounts.google.com/o/oauth2/auth?client_id=" + clientId +
"%26response_type=code" +
"%26scope=" + scope +
"%26redirect_uri=" + redirectUri;
div.add(app.createAnchor('Grant data access at Google',url1));
}
app.add(div);
return app;
}
以下是行动中的代码: https://docs.google.com/macros/s/AKfycbzg1LZIqKlKu5f7TtRL4VuleEjExXVCEqH15fI3/exec