Google电子表格API - 获取永久访问令牌

时间:2015-05-28 17:18:30

标签: java google-api google-sheets

我有一个在我的计算机上运行的简单Java程序。它的唯一功能是阅读在线电子表格(私人 - 比如购物清单),然后就此做一些无关的工作。

自从谷歌本月放弃了OAuth1.0之后,我一直试图让该计划与OAuth2合作。以前,我可以使用我的电子邮件和应用程序密码对程序进行身份验证。

现在,我被迫通过访问令牌工作。我的代码:

package joeslist;

import com.google.gdata.client.spreadsheet.SpreadsheetService;
import com.google.gdata.data.spreadsheet.CellFeed;
import com.google.gdata.data.spreadsheet.SpreadsheetEntry;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeRequestUrl;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeTokenRequest;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.gdata.data.spreadsheet.SpreadsheetFeed;
import com.google.gdata.util.ServiceException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 *
 * @author 74
 */
public class JoesList {

    public static void main(String[] args) {

        final String CLIENT_ID = "my_client_id.apps.googleusercontent.com";  //Unused?
        final String CLIENT_SECRET = "myClientSecret";

    // This is the Redirect URI for installed applications.
        // If you are building a web application, you have to set your
        // Redirect URI at https://code.google.com/apis/console.
        final String REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";

        final SpreadsheetService service;
        CellFeed feed;
        service = new SpreadsheetService("Joe's List");

        HttpTransport httpTransport = new NetHttpTransport();
        JacksonFactory jsonFactory = new JacksonFactory();
        String[] SCOPESArray = {"https://spreadsheets.google.com/feeds"};
        final List SCOPES = Arrays.asList(SCOPESArray);
        GoogleCredential credential;

        try {          
            // Step 1: Authorize.
            String authorizationUrl = new GoogleAuthorizationCodeRequestUrl(CLIENT_ID, REDIRECT_URI, SCOPES).build();

            // Point or redirect your user to the authorizationUrl.
            System.out.println("Go to the following link in your browser:");
            System.out.println(authorizationUrl);

            // Read the authorization code from the standard input stream.
            BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
            System.out.println("Paste the code that you got.");
            String code = in.readLine();
             // End of Step 1 <--

            // Step 2: Exchange!
            GoogleTokenResponse response
                    = new GoogleAuthorizationCodeTokenRequest(httpTransport, jsonFactory, CLIENT_ID, CLIENT_SECRET,
                            code, REDIRECT_URI).execute();
            System.out.println("Token expires in: " + response.getExpiresInSeconds() + " seconds!"); 

            // Let's build our GoogleCredential now.
            credential = new GoogleCredential.Builder()
                    .setClientSecrets(CLIENT_ID, CLIENT_SECRET)
                    .setTransport(httpTransport)
                    .setJsonFactory(jsonFactory)
                    .build()
                    .setAccessToken(response.getAccessToken())
                    .setRefreshToken(response.getRefreshToken());       
            service.setOAuth2Credentials(credential);
        } catch (IOException ex) {
            Logger.getLogger(FuckingTest.class.getName()).log(Level.SEVERE, null, ex);
        }
        try {
            final String spreadsheetName = "Joe's sheet";
            final URL metafeedUrl=new URL("https://spreadsheets.google.com/feeds/spreadsheets/private/full?xoauth_requestor_id=joe");
            final SpreadsheetFeed spreadsheetFeed = service.getFeed(metafeedUrl, SpreadsheetFeed.class);
            final List<SpreadsheetEntry> spreadsheets = spreadsheetFeed.getEntries();
            System.err.println(spreadsheets.size());
            for (final SpreadsheetEntry spreadsheet : spreadsheets) {
                System.err.println(spreadsheet.getTitle().getPlainText());
                if (spreadsheetName.equals(spreadsheet.getTitle().getPlainText())) {
                    System.err.println("Found the Spreadsheet you want.");
                }
            }
        } catch (final MalformedURLException e) {
            throw new RuntimeException(e);
        } catch (final IOException | ServiceException e) {
            throw new RuntimeException(e);
        }

    }
}

问题:

这是一个私人小程序。我将成为它的唯一用户,我想要它只是阅读一个私人电子表格。

每次运行时,我是否必须跳过箍,手动复制和粘贴访问令牌? 有什么方法可以获得持久或永久的访问令牌吗?

1 个答案:

答案 0 :(得分:1)

答案是,每次访问令牌到期时,您都必须完成此过程。

访问令牌的生命周期有限,从安全角度来看是正确的。永久访问令牌是一个等待被发现的安全漏洞(你知道有人忘记加密它并最终将它存储在/ var / log下或更糟糕的桌面上)。

根据OP

的评论进行编辑

Google提供允许服务器与服务器通信的服务帐户。有关详细信息,请访问Using OAuth 2.0 for Server to Server Applications

相关问题
最新问题