Google Smart Home报告状态错误403

时间:2018-07-23 04:51:46

标签: google-api actions-on-google google-home google-smart-home

我正在报告使用http帖子的设备的状态,以及使用服务帐户生成的jwt。下面是jwt的有效载荷

{
   "iss": "<service-account-email>",
   "scope": "https://www.googleapis.com/auth/homegraph",
   "aud": "https://accounts.google.com/o/oauth2/token",
   "iat": <current-time>,
   "exp": <current-time-plus-one-hour>
 }

此后,我使用python库google.auth.crypt.RSASigner.from_service_account_file(path)使用服务帐户的私钥对jwt进行签名 并生成jwt令牌。我进一步使用此令牌从https://accounts.google.com/o/oauth/token获取访问令牌,这也是成功的。 获取访问令牌后,我向发布请求 https://homegraph.googleapis.com/v1/devices:reportStateAndNotification?key=api_key

带有标题

{"Authorization": "Bearer <token>", "X-GFE-SSL": "yes", "Content-Type": "application/json"}

和json数据

{ "requestId": "ff36a3cc-ec34-11e6-b1a0-64510650abcf", "agent_user_id": "1234", "payload": { "devices": { "states": { "1458765": { "on": true }, "4578964": { "on": true, "isLocked": true } } } } }

但这给了我

{'error': {'code': 403, 'message': 'The request is missing a valid API key.', 'status': 'PERMISSION_DENIED'}}

我遵循以下步骤 https://developers.google.com/actions/smarthome/report-state 我做错了什么吗?还是我错过任何步骤?

更新: 我在uri中添加了api密钥,现在它在响应中又给了我另一个错误

{'error': {'code': 403, 'message': 'The caller does not have permission', 'status': 'PERMISSION_DENIED'}}

如何解决此问题?

1 个答案:

答案 0 :(得分:0)

要向状态图报告状态,您必须:

  • 为您的SmartHomeApp项目中的令牌创建创建服务帐户
  • 转到 API和服务 =>单击凭据 Go to 'APIs & Services' => Click on 'Credentials'
  • 单击创建凭据 =>单击服务帐户密钥 Click on 'Create credentials' => Click on 'Service account key'
  • 填写数据以创建新的新服务帐户 =>选择角色服务帐户>服务帐户令牌创建者 Fill with your data creating a new 'New service account' => Select the role 'Service Accounts > Service Account Token Creator'
  • 使用密钥和证书下载JSON文件
  • 获取有效的签名的JWT令牌

    credentials = service_account.Credentials.from_service_account_file(service_account_file, scopes="https://www.googleapis.com/auth/homegraph")
    
    now = int(time.time())
    expires = now + 3600  # One hour in seconds
    
    payload = {
        'iat': now,
        'exp': expires,
        'aud': "https://accounts.google.com/o/oauth2/token",
        'scope': SCOPE,
        'iss': credentials.service_account_email
    }
    
    signed_jwt = google.auth.jwt.encode(credentials.signer, payload)
    
  • 获取有效的访问令牌

    headers = {"Authorization": "Bearer {}".format(signed_jwt.decode("utf-8")), "Content-Type": "application/x-www-form-urlencoded"}
    data = {"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer", "assertion": signed_jwt}
    
    access_token = requests.post("https://accounts.google.com/o/oauth2/token", data=data, headers=headers).get("access_token")
    
  • 发送报告的状态:

    headers = {"Authorization": "Bearer {}".format(access_token), "X-GFE-SSL": "yes"}
    data = {"requestId": request_id, "agent_user_id": agent_user_id, "payload": {"devices": {"states": states}}}
    
    requests.post("https://homegraph.googleapis.com/v1/devices:reportStateAndNotification", data=json.dumps(data), headers=headers)
    

注意:为了运行这些摘要,需要import google.auth.jwtfrom google.oauth2 import service_accountimport requestsgoogle-authgoogle-auth-httplib2 requests包。