Google Calendar API returns "HttpError 403" even though the scope provides full read/write access?

Time: 2018-08-13 18:22:00

Tags: python flask google-api google-oauth google-calendar-api

I'm trying to adapt the Flask sample code from https://developers.google.com/api-client-library/python/auth/web-app to the Google Calendar API. Here's what I have so far:

# -*- coding: utf-8 -*-

import os
import flask
import requests

import google.oauth2.credentials
import google_auth_oauthlib.flow
import googleapiclient.discovery

# This variable specifies the name of a file that contains the OAuth 2.0
# information for this application, including its client_id and client_secret.
CLIENT_SECRETS_FILE = "client_secret.json"

# This OAuth 2.0 access scope allows for full read/write access to the
# authenticated user's account and requires requests to use an SSL connection.
SCOPES = ['https://www.googleapis.com/auth/calendar']
API_SERVICE_NAME = 'calendar'
API_VERSION = 'v3'

app = flask.Flask(__name__)
# Note: A secret key is included in the sample so that it works.
# If you use this code in your application, replace this with a truly secret
# key. See http://flask.pocoo.org/docs/0.12/quickstart/#sessions.
app.secret_key = 'REPLACE ME - this value is here as a placeholder.'


@app.route('/')
def index():
    return print_index_table()


@app.route('/test')
def test_api_request():
    if 'credentials' not in flask.session:
        return flask.redirect('authorize')

    # Load credentials from the session.
    credentials = google.oauth2.credentials.Credentials(
      **flask.session['credentials'])

    # drive = googleapiclient.discovery.build(
    #   API_SERVICE_NAME, API_VERSION, credentials=credentials)

    # files = drive.files().list().execute()

    calendar = googleapiclient.discovery.build(
        API_SERVICE_NAME, API_VERSION, credentials=credentials)

    # events = calendar.events().list().execute()
    calendars = calendar.calendarList().list().execute()

    # Save credentials back to session in case access token was refreshed.
    # ACTION ITEM: In a production app, you likely want to save these
    #              credentials in a persistent database instead.
    flask.session['credentials'] = credentials_to_dict(credentials)

    # return flask.jsonify(**files)
    return flask.jsonify(**calendars)


@app.route('/authorize')
def authorize():
    # Create flow instance to manage the OAuth 2.0 Authorization Grant Flow steps.
    flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
        CLIENT_SECRETS_FILE, scopes=SCOPES)

    flow.redirect_uri = flask.url_for('oauth2callback', _external=True)

    authorization_url, state = flow.authorization_url(
      # Enable offline access so that you can refresh an access token without
      # re-prompting the user for permission. Recommended for web server apps.
      access_type='offline',
      # Enable incremental authorization. Recommended as a best practice.
      include_granted_scopes='true')

    # Store the state so the callback can verify the auth server response.
    flask.session['state'] = state

    return flask.redirect(authorization_url)


@app.route('/oauth2callback')
def oauth2callback():
    # Specify the state when creating the flow in the callback so that it can
    # be verified in the authorization server response.
    state = flask.session['state']

    flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
        CLIENT_SECRETS_FILE, scopes=SCOPES, state=state)
    flow.redirect_uri = flask.url_for('oauth2callback', _external=True)

    # Use the authorization server's response to fetch the OAuth 2.0 tokens.
    authorization_response = flask.request.url
    # import ipdb; ipdb.set_trace()
    flow.fetch_token(authorization_response=authorization_response)

    # Store credentials in the session.
    # ACTION ITEM: In a production app, you likely want to save these
    #              credentials in a persistent database instead.
    credentials = flow.credentials
    flask.session['credentials'] = credentials_to_dict(credentials)

    return flask.redirect(flask.url_for('test_api_request'))


@app.route('/revoke')
def revoke():
    if 'credentials' not in flask.session:
        return ('You need to <a href="/authorize">authorize</a> before ' +
                'testing the code to revoke credentials.')

    credentials = google.oauth2.credentials.Credentials(
        **flask.session['credentials'])

    revoke = requests.post(
        'https://accounts.google.com/o/oauth2/revoke',
        params={'token': credentials.token},
        headers={'content-type': 'application/x-www-form-urlencoded'})

    status_code = getattr(revoke, 'status_code')
    if status_code == 200:
        return('Credentials successfully revoked.' + print_index_table())
    else:
        return('An error occurred.' + print_index_table())


@app.route('/clear')
def clear_credentials():
    if 'credentials' in flask.session:
        del flask.session['credentials']
    return (
        'Credentials have been cleared.<br><br>' +
        print_index_table())


def credentials_to_dict(credentials):
    return {'token': credentials.token,
            'refresh_token': credentials.refresh_token,
            'token_uri': credentials.token_uri,
            'client_id': credentials.client_id,
            'client_secret': credentials.client_secret,
            'scopes': credentials.scopes}


def print_index_table():
    return (
        '<table>' +
        '<tr><td><a href="/test">Test an API request</a></td>' +
        '<td>Submit an API request and see a formatted JSON response. ' +
        '    Go through the authorization flow if there are no stored ' +
        '    credentials for the user.</td></tr>' +
        '<tr><td><a href="/authorize">Test the auth flow directly</a></td>' +
        '<td>Go directly to the authorization flow. If there are stored ' +
        '    credentials, you still might not be prompted to reauthorize ' +
        '    the application.</td></tr>' +
        '<tr><td><a href="/revoke">Revoke current credentials</a></td>' +
        '<td>Revoke the access token associated with the current user ' +
        '    session. After revoking credentials, if you go to the test ' +
        '    page, you should see an <code>invalid_grant</code> error.' +
        '</td></tr>' +
        '<tr><td><a href="/clear">Clear Flask session credentials</a></td>' +
        '<td>Clear the access token currently stored in the user session. ' +
        '    After clearing the token, if you <a href="/test">test the ' +
        '    API request</a> again, you should go back to the auth flow.' +
        '</td></tr></table>')


if __name__ == '__main__':
    # When running locally, disable OAuthlib's HTTPs verification.
    # ACTION ITEM for developers:
    #     When running in production *do not* leave this option enabled.
    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'

    # Specify a hostname and port that are set as a valid redirect URI
    # for your API project in the Google API Console.
    app.run('localhost', 8000, debug=True)

Note that I've commented out a few Google Drive-related lines and replaced them with Google Calendar-related ones.

However, if I run the web app with python app.py and navigate to localhost:8000/test, I get the error:

googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/calendar/v3/users/me/calendarList?alt=json returned "Insufficient Permission">

Here is the full traceback:

[screenshot: full traceback]

How do I get around HttpError 403 Insufficient Permission? (gmail api, python) suggests this can be fixed by adding more scopes. However, according to https://developers.google.com/identity/protocols/googlescopes#calendarv3, the Google Calendar API v3 has only two scopes, and I'm already passing the one that "manages your calendars".

How do I fix this error?

Update

Following tehhowch's comment, I checked whether the "Cleo" web application referenced by client_secret.json had been granted sufficient scopes. It appears the scope has been granted:

[screenshot: scopes granted to the Cleo app]

I'm now wondering whether the problem is with the redirect URI. Below is my client_secret.json, in which I've scrambled the secret_key:

{
  "web": {
    "client_id": "821409068013-unernto9l5ievs2pi0l6fir12fus1o46.apps.googleusercontent.com",
    "project_id": "cleo-212520",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://www.googleapis.com/oauth2/v3/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "asdfasdfasdfasdf",
    "redirect_uris": [
      "http://localhost:8000",
      "https://app.hicleo.com",
      "https://staging.hicleo.com"
    ],
    "javascript_origins": [
      "http://localhost:8000",
      "https://app.hicleo.com",
      "https://staging.hicleo.com"
    ]
  }
}

Note that the redirect URIs don't include http://localhost:8000/oauth2callback; that's because this is the "old" version of client_secret.json that I downloaded before adding that URI in the Google Cloud Console:

[screenshot: redirect URIs in the Google Cloud Console]

Maybe it would work if I "re-download" client_secret.json? I'm really not sure whether this is relevant, since I've clearly already granted the Cleo app access.

Update 2

I tried going through the flow in an incognito window to see whether the problem was related to cached Google credentials. After signing in with the same Google account, I got a warning that the scope had changed:

Warning: Scope has changed from "https://www.googleapis.com/auth/calendar" to "https://www.googleapis.com/auth/drive.metadata.readonly https://www.googleapis.com/auth/calendar".

[screenshot: scope-change warning]

Isn't changing scopes a normal thing? Why do I get a warning "error" instead of the page being handled normally? How do I fix this?

1 answer:

Answer 0 (score: 1)

I ended up solving it by basically "starting over": I removed access for the "Cleo" third-party app, re-downloaded the client_secret.json file, and then went to localhost:8000/test again in an incognito window. After signing in, the page did appear to return the expected JSON response:

[screenshot: expected JSON response]

I'm not sure which of these steps "did the trick"; why didn't it work with the existing access (if that was the problem)?
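The two symptoms in the question (the 403 "Insufficient Permission" and the "Scope has changed" warning) can both be reproduced offline without touching Google. The following is an added example, not code from the question, the answer, or Google's sample; it assumes (the page does not state this outright) that the Flask session still held credentials issued for the Drive sample's `drive.metadata.readonly` scope, which is what the answer's "start over" cleared. It mirrors two checks: one on the scopes of the credentials stored in the session, done before `googleapiclient.discovery.build` is ever called, and one on the `scope` parameter of a token response, following the comparison oauthlib performs (and raises as a `Warning` unless `OAUTHLIB_RELAX_TOKEN_SCOPE` is set). The token values, client id and token response below are constructed sample data.

```python
"""Added example (not part of the original question or answer).

Reproduces offline the two checks behind the symptoms above:

1. HttpError 403 "Insufficient Permission": Google checks the scopes the
   access token was issued for, not the SCOPES list in the code.  A token
   left in flask.session from the Drive sample does not cover Calendar.
2. "Scope has changed from ... to ...": with include_granted_scopes='true'
   the token response carries the union of previously granted scopes, and
   oauthlib raises a Warning when that differs from what was requested.
"""
from typing import Mapping, Sequence, Tuple, Optional

CALENDAR_SCOPE = "https://www.googleapis.com/auth/calendar"
DRIVE_META_RO_SCOPE = "https://www.googleapis.com/auth/drive.metadata.readonly"


def missing_scopes(session_credentials: Mapping, required: Sequence[str]) -> list:
    """Scopes in `required` that the session-stored credentials lack.

    `session_credentials` has the shape produced by credentials_to_dict() in
    the question; its 'scopes' entry is what the token was actually issued
    for.  A non-empty result means the next API call will be rejected with
    403 "Insufficient Permission" regardless of SCOPES in the source.
    """
    granted = set(session_credentials.get("scopes") or [])
    return [s for s in required if s not in granted]


def next_step(session: Mapping, required: Sequence[str]) -> str:
    """Decide what /test should do with the current Flask session.

    'authorize' when there are no credentials or they were issued for other
    scopes (equivalent to dropping the stale credentials and re-running the
    flow, as the answer did), otherwise 'call_api'.
    """
    creds = session.get("credentials")
    if not creds or missing_scopes(creds, required):
        return "authorize"
    return "call_api"


def scope_change_warning(requested: Sequence[str], token_response: Mapping,
                         relax: bool = False) -> Tuple[bool, Optional[str]]:
    """Mirror oauthlib's token-scope check that produced "Scope has changed".

    oauthlib splits the token response's 'scope' parameter on whitespace and
    compares the resulting list (order-sensitive) with the requested scope
    list.  If they differ it builds the warning text and raises it, unless
    OAUTHLIB_RELAX_TOKEN_SCOPE is set, in which case it only warns.  `relax`
    stands in for that environment variable.  Returns (raised, message).
    """
    if "scope" not in token_response:
        return (False, None)
    granted = token_response["scope"].split()
    if granted == list(requested):
        return (False, None)
    message = 'Scope has changed from "%s" to "%s".' % (
        " ".join(requested), " ".join(granted))
    return (not relax, message)


# Constructed sample data (not real tokens or client ids): a session left
# over from the Drive sample, and the token response Google returns when a
# user who already granted Drive access re-authorizes Calendar with
# include_granted_scopes='true'.
STALE_SESSION = {"credentials": {
    "token": "ya29.constructed-stale-token",
    "refresh_token": None,
    "token_uri": "https://www.googleapis.com/oauth2/v3/token",
    "client_id": "constructed.apps.googleusercontent.com",
    "client_secret": "constructed-secret",
    "scopes": [DRIVE_META_RO_SCOPE]}}

UNION_TOKEN_RESPONSE = {
    "access_token": "ya29.constructed-new-token",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": DRIVE_META_RO_SCOPE + " " + CALENDAR_SCOPE}


if __name__ == "__main__":
    print(next_step(STALE_SESSION, [CALENDAR_SCOPE]))
    print(scope_change_warning([CALENDAR_SCOPE], UNION_TOKEN_RESPONSE))
    print(scope_change_warning([CALENDAR_SCOPE], UNION_TOKEN_RESPONSE, relax=True))
```

Wiring `next_step` into the `/test` route (redirect to `/authorize` whenever `missing_scopes` is non-empty) makes a stale session self-correct instead of surfacing as a 403 from Google; setting `OAUTHLIB_RELAX_TOKEN_SCOPE=1` turns the scope-change exception into a logged warning, which is the trade-off to weigh if you keep `include_granted_scopes='true'`.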