我正在尝试构建一个Gmail服务,一旦他们的IT管理员在Apps市场上验证了应用,就会读取用户的电子邮件。从文档中看,似乎服务帐户是合适的,我试过这两个:
scope = "https://www.googleapis.com/auth/gmail.readonly"
project_number = "c****io"
authorization_token, _ = app_identity.get_access_token(scope)
logging.info("Using token %s to represent identity %s",
authorization_token, app_identity.get_service_account_name())
#authorization_token = "OAuth code pasted from playground"
response = urlfetch.fetch(
"https://www.googleapis.com/gmail/v1/users/me/messages",
method=urlfetch.GET,
headers = {"Content-Type": "application/json",
"Authorization": "OAuth " + authorization_token})
和
credentials = AppAssertionCredentials(scope=scope)
http = credentials.authorize(httplib2.Http(memcache))
service = build(serviceName='gmail', version='v1', http=http)
listReply = gmail_service.users().messages().list(userId='me', q = '').execute()
然后我根据Unable to access BigQuery from local App Engine development server
启动了dev_appserver.py但是,我收到HTTP错误代码500" Backend Error"。相同的代码,但是当我从OAuth游乐场粘贴access_token时,它工作正常(HTTP 200)。我在我的本地机器上,以防万一。想知道我是否遗漏了什么?我正在尝试为其IT管理员安装了我的Google Marketplace应用的特定域的所有用户查找所有电子邮件。
感谢您的帮助!
答案 0 :(得分:0)
要执行此类型的模拟,您应创建一个JWT并将“sub”字段设置为您要访问其邮箱的用户的电子邮件地址。开发人员文档:Using OAuth 2.0 for Server to Server Applications: Additional claims。
构造凭证的python代码看起来像
credentials = SignedJwtAssertionCredentials(
"<service account email>@developer.gserviceaccount.com",
file("secret-privatekey.pem", "rb").read(),
scope=["https://www.googleapis.com/auth/gmail.readonly"],
sub="<user to impersonate>@your-domain.com"
)