在python中使用GAE上的OAuth2

时间:2014-09-17 17:52:17

标签: python google-app-engine

我正在尝试创建一个GAE应用,用户可以使用OAuth2访问appspot域,获得授权(或不授权),然后使用gdata.spreadsheet.service以自动方式修改其中一个Google电子表格。我已经使用SignedJwtAssertionCredentials来实现这一点,但在这种情况下,用户必须特别允许从应用程序进行编辑;我正试图跳过此步骤,让应用程序使用OAuth2从自己的帐户修改用户的电子表格。

Google提供的文档说,装饰器是实现此目的的最简单方法,执行以下操作:

from apiclient.discovery import build
from google.appengine.ext import webapp
from oauth2client.appengine import OAuth2Decorator

decorator = OAuth2Decorator(
  client_id='your_client_id',
  client_secret='your_client_secret',
  scope='https://www.googleapis.com/auth/calendar')

service = build('calendar', 'v3')

...

  @decorator.oauth_required
  def get(self):
    # Get the authorized Http object created by the decorator.
    http = decorator.http()
    # Call the service using the authorized Http object.
    request = service.events().list(calendarId='primary')
    response = request.execute(http=http)

但我不知道如何使用此service对象来完成电子表格修改的目标。有关如何使用service对象的任何一般提示或具体提示都会有所帮助。

1 个答案:

答案 0 :(得分:1)

在提供的示例中,您使用Google Calendar API构建日历服务,而不是基于GData的API。对于基于GData的API,您必须使用gdata.gauth代替。

请注意,gdata.spreadsheet.service不适用于gdata.gauth,因为它仅支持已弃用的ClientLogin(请查看[1]中提供的SpreadsheetsService构造函数)。您应该使用gdata.spreadsheets.client代替。

完整的SpreadsheetsClient文档可在[2]获得。您可以考虑将此工作表添加到电子表格中的示例:

import webapp2
import cgi
import atom.data
import gdata.data
import gdata.spreadsheets.client

from oauth2client.client import OAuth2WebServerFlow

SCOPE = 'https://spreadsheets.google.com/feeds'

flow = OAuth2WebServerFlow(
  client_id='your_client_id',
  client_secret='your_client_secret',
  scope=SCOPE,
  redirect_uri='https://your_app.appspot.com/oauth2callback',
  response_type='code')


class OAuthCalback(webapp2.RequestHandler):
    def get(self):
        # Get auth code
        auth_code = cgi.escape(self.request.get('code'))

        # Exchange auth code for credentials
        credentials = flow.step2_exchange(auth_code)

        # Get token from credentials
        auth2token = gdata.gauth.OAuth2Token(client_id=credentials.client_id,
          client_secret=credentials.client_secret,
          scope=SCOPE,
          access_token=credentials.access_token,
          refresh_token=credentials.refresh_token,
          user_agent='AppEngine-Google;(+http://code.google.com/appengine; appid: your_app_id)')

        # Construct client
        spreadsheets_client = gdata.spreadsheets.client.SpreadsheetsClient(source='https://your_app.appspot.com', auth_token=auth2token)

        # Authorize it
        auth2token.authorize(spreadsheets_client)

        # Spreadsheet key
        key = 'your_spreadsheet_key'

        # Add worksheet to the spreadsheet
        entry = spreadsheets_client.add_worksheet(key, 'test', 7, 10)


class MainHandler(webapp2.RequestHandler):
    def get(self):
        # Get url to start authorization
        auth_url = flow.step1_get_authorize_url()

        # Render link
        content = '<a style="display:inline" href="' + auth_url + ' "target="_blank">Authorize</a>'
        self.response.out.write(content)


app = webapp2.WSGIApplication([('/', MainHandler),
                                ('/oauth2callback', OAuthCalback),
                                ], debug=True)

关于OAuth,我会使用OAuth2WebServerFlow(参见[3]获取更多信息)。可以使用pickle对Credentials对象进行序列化和反序列化。在[4]中描述了存储凭证对象的更简单方法。

[1] - https://code.google.com/p/gdata-python-client/source/browse/src/gdata/spreadsheet/service.py?r=f7a9cb244df430d960f6187ee0fbf85fe0218aac
[2] - https://gdata-python-client.googlecode.com/hg/pydocs/gdata.spreadsheets.client.html#SpreadsheetsClient
[3] - https://developers.google.com/api-client-library/python/guide/aaa_oauth#OAuth2WebServerFlow
[4] - https://developers.google.com/api-client-library/python/guide/google_app_engine#Credentials