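AccessTokenRefreshError: invalid_grant error when trying to use a service account

Date: 2014-08-19 15:35:55

Tags: google-oauth google-apps-marketplace

Trying to use the service account flow to get API access, but I get an error

AccessTokenRefreshError: invalid_grant

What am I doing wrong?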

import httplib2
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials

SERVICE_ACCOUNT_EMAIL = '....@developer.gserviceaccount.com'
SERVICE_ACCOUNT_PKCS12_FILE_PATH = '/mnt/...privatekey.p12'
user_email = '...@customdomain.com'
# Read the service account's PKCS#12 private key.
with open(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb') as f:
    key = f.read()
# Request credentials that act on behalf of user_email (sub) for these scopes.
credentials = SignedJwtAssertionCredentials(
    SERVICE_ACCOUNT_EMAIL, key,
    scope=['https://www.googleapis.com/auth/userinfo.email',
           'https://www.googleapis.com/auth/userinfo.profile',
           'https://www.googleapis.com/auth/calendar',
           'https://www.googleapis.com/auth/admin.directory.user',
           'https://www.google.com/m8/feeds/',
           'https://mail.google.com/'],
    sub=user_email)
http = credentials.authorize(httplib2.Http())
service = build('oauth2', 'v2', http=http)
user = service.userinfo().get().execute()

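When the Marketplace app was installed, all scopes were granted by the Google domain administrator.

1 answer:

Answer 0 (score: 0)

Assuming you are using Google App Engine: GAE does not support P12, so you need to convert the P12 to PEM with OpenSSL. If you are on Unix, you can use the following command: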

openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem

Once you have the new PEM file, make sure to delete any lines before "-----BEGIN PRIVATE KEY-----" (there may be four of them). Or, as an alternative, run the following command:

openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem
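
The cleanup step described in the answer above (dropping the lines that precede the BEGIN marker) can also be done in code. This is an added example, not part of the original answer; the function name `extract_private_key` and the sample preamble are assumptions, and the sample key body is constructed dummy data.

```python
import base64
import binascii
import re

# Matches one PEM block; the label is captured so the block type can be checked.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)
# Unencrypted key labels; "ENCRYPTED PRIVATE KEY" is deliberately absent.
ACCEPTED_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY"}


def extract_private_key(pem_text):
    """Return only the unencrypted private-key block from `openssl pkcs12` output."""
    keys = [(label, body) for label, body in PEM_BLOCK.findall(pem_text)
            if label.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        raise ValueError("expected exactly one private key block, found %d" % len(keys))
    label, body = keys[0]
    if label not in ACCEPTED_LABELS:
        # Happens when -nodes was omitted and the key is still passphrase-protected.
        raise ValueError("unsupported key block: %s" % label)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error:
        raise ValueError("key body is not valid base64")
    if not der.startswith(b"\x30"):
        # A DER-encoded key always begins with an ASN.1 SEQUENCE tag.
        raise ValueError("key body is not a DER SEQUENCE")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body.strip(), label)


# Constructed sample: a four-line preamble followed by dummy bytes, not a real key.
DUMMY_BODY = base64.b64encode(b"\x30\x82" + b"\x00" * 40).decode("ascii")
SAMPLE = (
    "Bag Attributes\n"
    "    friendlyName: privatekey\n"
    "    localKeyID: 01 02 03 04\n"
    "Key Attributes: <No Attributes>\n"
    "-----BEGIN PRIVATE KEY-----\n" + DUMMY_BODY + "\n"
    "-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    print(extract_private_key(SAMPLE))
```

Because `-nodes` leaves the key unencrypted, write the resulting file with owner-only permissions and keep it out of version control.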