Question

是否可以在client-side generated access token中使用server-side call到chromewebstore / v1.1 / userlicenses /来检查用户许可？扩展和app引擎项目都在同一个Gmail帐户上注册。我希望能够判断我的webapp用户是否购买了我的扩展程序。

gapi.auth.authorize({
scope: [
 "https://www.googleapis.com/auth/plus.me",
 "https://www.googleapis.com/auth/plus.login",
 "https://www.googleapis.com/auth/userinfo.email",
 "https://www.googleapis.com/auth/chromewebstore.readonly"].join(" "),
client_id: "xxxxx" 
}, () => gapi.client.myapi.check_payment().execute())

应用引擎代码

import os
import urllib
import endpoints
import httplib2
from oauth2client import client
from protorpc import remote
from protorpc.message_types import VoidMessage

EXTENSION_ID = "xxxxx" # my extension id from Chrome Web Store Developer Dashboard
API_KEY = "xxxxx"  # api key from Google APIs Console
CLIENT_ID = "xxxxx" # OAuth 2.0 client ID from Google APIs Console
SCOPES = [endpoints.EMAIL_SCOPE]


@endpoints.api(name="myapi", version="v1", allowed_client_ids=[CLIENT_ID], scopes=SCOPES)
class MyApi(remote.Service):

    @endpoints.method(VoidMessage, VoidMessage)
    def check_payment(self, msg):
        user = endpoints.get_current_user()
        assert user is not None
        if "HTTP_AUTHORIZATION" in os.environ:
            (tokentype, token) = os.environ["HTTP_AUTHORIZATION"].split(" ")
            credentials = client.AccessTokenCredentials(token, 'my-user-agent/1.0')
            http = credentials.authorize(httplib2.Http())
            params = urllib.urlencode({"key": API_KEY})
            url = "https://www.googleapis.com/chromewebstore/v1.1/userlicenses/%s?%s" % (EXTENSION_ID, params)
            response = http.request(url)

回复403状态：{“domain”：“global”，“reason”：“forbidden”，“message”：“您无权访问App ID的许可数据：xxxxx”}

Answer 1

所以是的，没有办法让它工作，这种请求只能通过identity.getAuthToken创建的令牌授权。

检查来自Google应用引擎的Chrome网上应用店用户许可

1 个答案: