如何使用OAuth 2.0 [GAS和GAE]使用GAE应用程序验证谷歌应用程序脚本

时间:2016-04-06 08:04:22

标签: google-app-engine google-apps-script oauth-2.0 google-oauth2

我们开发了一个应用程序,它将使用OAuth 1.0从GAS脚本与GAE应用程序进行交互,但是我们无法使用OAuth 2.0来实现这一点,我们从OAuth获得访问失败。

getservice.hasAccess()始终返回false。我非常困惑我必须使用哪个URL进行身份验证过程。

我已附上Oauth 1和OAuth 2的来源以供参考

Oauth 1.0
=========
envVars.url = myapp.appspot.com;

  var oAuthConfig = UrlFetchApp.addOAuthService(envVars.serviceName);
  oAuthConfig.setRequestTokenUrl(envVars.url + '/_ah/OAuthGetRequestToken');
  oAuthConfig.setAuthorizationUrl(envVars.url + '/_ah/OAuthAuthorizeToken');
  oAuthConfig.setAccessTokenUrl(envVars.url + '/_ah/OAuthGetAccessToken');

  var requestData = {
    "oAuthServiceName": envVars.serviceName,
    "oAuthUseToken": "always"
  };

  requestData.muteHttpExceptions = true;




Oauth 2.0
=========

envVars.url = myapp.appspot.com
 getservice = getService();


 if (getservice.hasAccess()) {
    Logger.log("All OK");
    return;
  }
 else {
    var authorizationUrl = getservice.getAuthorizationUrl();
    Logger.log('Open the following URL and re-run the script: %s',
               authorizationUrl);
    showURL(authorizationUrl);
  }

function getService()
{
   return OAuth2.createService(envVars.serviceName)
  // Set the endpoint URLs.
  .setAuthorizationBaseUrl(envVars.url + '/_ah/OAuthAuthorizeToken')
  .setTokenUrl(envVars.url + '/_ah/OAuthGetAccessToken')               


  // Set the client ID and secret.
  .setClientId(CLIENT_ID)
  .setClientSecret(CLIENT_SECRET)

  // Set the name of the callback function that should be invoked to complete
  // the OAuth flow.
  .setCallbackFunction('authCallback')

  // Set the property store where authorized tokens should be persisted.
  .setPropertyStore(PropertiesService.getUserProperties());
}

1 个答案:

答案 0 :(得分:0)

Please be mindful that OAuth 1.0 was officially deprecated last April 20, 2012. It is suggested that you need to migrate OAuth 1.0 to OAuth 2.0 as soon as possible.

If a script uses services that can access private data, you will encounter authorization dialog. Apps Script determine the authorization scopes.

Scripts that you have previously authorized will also ask for additional authorization if a code change adds new services. Scripts do not request authorization if they use only services that cannot access user data

Check this document which discuss Permissions and types of scripts: https://developers.google.com/apps-script/guides/services/authorization#permissions_and_types_of_scripts

相关问题
最新问题