如何通过我的Django应用对Google hangout聊天机器人进行oauth身份验证?

时间:2019-06-11 11:25:25

标签: google-apps-script oauth-2.0 django-rest-framework hangouts-chat hangouts-api

我正在按照 Google Hangouts Chat 提供的这篇教程,为我的 Django 应用实现 OAuth 身份验证: https://developers.google.com/hangouts/chat/how-tos/auth-3p

应该如何启动 OAuth 流程?又该如何在机器人代码中保存 configCompleteRedirectUrl 参数?

我尝试让我的应用返回授权码(code),但当我重定向回事件中提供的 URL 时,页面只显示“关闭并返回”之类的提示。我不确定接下来该怎么做。

这是我在机器人的 Google Apps Script 项目中的代码:

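var RESPONSE_TYPE = 'code';

// SECURITY: the OAuth client ID and client secret used to be string literals
// on these two lines. A secret that has been committed to source or pasted
// into a public page must be treated as disclosed: rotate it at the OAuth
// provider and keep the replacement out of the script text.
// The values are read from Script Properties instead. The two property keys
// below are names chosen for this example; create them in the project's
// Script Properties before running. Script Properties are readable by anyone
// with edit access to the project, so restrict who can edit it.
var client_id = PropertiesService.getScriptProperties()
    .getProperty('OAUTH_CLIENT_ID');
var client_secret = PropertiesService.getScriptProperties()
    .getProperty('OAUTH_CLIENT_SECRET');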

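/**
 * Builds the apps-script-oauth2 service used to authorize this bot against
 * the third-party OAuth2 provider (the Django backend in this setup).
 *
 * Tokens, cache and lock are all scoped to the current user.
 *
 * @returns {Object} the configured OAuth2 service.
 * @throws {Error} if client_id or client_secret is empty.
 */
function getOAuthService() {
  // Use the module-level client_id / client_secret rather than a second copy
  // of the literals inside this function: a duplicated secret has to be
  // rotated in every place it appears, and it should not live in source at
  // all (Script Properties is the usual place for it in Apps Script).
  if (!client_id || !client_secret) {
    throw new Error('OAuth client_id/client_secret are not configured');
  }

  var userProperties = PropertiesService.getUserProperties();
  // null when no "receiver" property has been stored for this user.
  var rec = userProperties.getProperty('receiver');

  var twOAuth = OAuth2.createService('TW CHAT')
      // NOTE(review): both endpoints point at an ngrok tunnel, i.e. a
      // temporary development hostname. Replace with the backend's stable
      // HTTPS origin before anyone else uses the bot.
      .setAuthorizationBaseUrl('https://de4bda93.ngrok.io/oauth/gmail-addon/')
      .setTokenUrl('https://de4bda93.ngrok.io/o/token/')
      .setClientId(client_id)
      .setClientSecret(client_secret)
      .setCallbackFunction('authCallback')
      .setPropertyStore(userProperties)
      .setCache(CacheService.getUserCache())
      .setLock(LockService.getUserLock())
      .setScope('read write')
      .setParam('response_type', RESPONSE_TYPE)
      // NOTE(review): setParam() adds to the authorization URL, while
      // grant_type belongs to the token request - presumably unnecessary
      // here; confirm against the provider before removing.
      .setParam('grant_type', 'authorization_code')
      .setParam('login_email', rec)
      .setParam('access_type', 'offline');  // Requests offline access.

  // The service object is deliberately not logged: it was configured with the
  // client secret above, and writing it to the execution log would presumably
  // copy that secret (and any token state it holds) into the logs.
  return twOAuth;
}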

/**
 * Creates an Apps Script state token bound to a callback function.
 *
 * @param {string} callbackFunction name of the function the token is tied to.
 * @returns {string} the token produced by createToken().
 */
function getStateToken(callbackFunction){
  var builder = ScriptApp.newStateToken();
  builder = builder.withMethod(callbackFunction);
  // Timeout passed to withTimeout(); keeps the token short-lived.
  builder = builder.withTimeout(120);
  return builder.createToken();
}

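/**
 * Calls a backend URL with the current user's OAuth2 bearer token.
 *
 * SECURITY: the access token is attached to whatever `url` is passed in.
 * Callers must only pass URLs of the backend that issued the token, never a
 * URL taken from a chat message or other user-controlled input.
 *
 * @param {string} url endpoint to call.
 * @param {string=} method_opt HTTP method; defaults to 'get'.
 * @param {(string|Object)=} payload_opt request body. Sent as JSON; a
 *     non-string value is serialized with JSON.stringify().
 * @param {Object=} headers_opt extra request headers. Not modified.
 * @returns {Object|undefined} the fetch response for a 2xx or 400 status; a
 *     REQUEST_CONFIG chat response carrying the authorization URL when the
 *     user has no access or the backend answered 401/403; undefined for any
 *     other status (the error is logged).
 */
function accessProtectedResource(url, method_opt, payload_opt, headers_opt) {
  var service = getOAuthService();
  var maybeAuthorized = service.hasAccess();

  if (maybeAuthorized) {
    var accessToken = service.getAccessToken();

    // Copy the caller's headers so the bearer token is never written into an
    // object the caller still holds (and might log or reuse elsewhere).
    var suppliedHeaders = headers_opt || {};
    var headers = {};
    Object.keys(suppliedHeaders).forEach(function(name) {
      headers[name] = suppliedHeaders[name];
    });
    headers['Authorization'] = 'Bearer ' + accessToken;

    var options = {
      'headers': headers,
      'method': method_opt || 'get',
      // Non-2xx replies are returned instead of thrown so the status code
      // can be inspected below.
      'muteHttpExceptions': true
    };
    if (payload_opt) {
      // UrlFetchApp's option is `contentType`; the previous `content_type`
      // key is not a recognised option, so the JSON content type was never
      // sent. The body is serialized to match the declared type.
      options['contentType'] = 'application/json';
      options['payload'] = (typeof payload_opt === 'string')
          ? payload_opt
          : JSON.stringify(payload_opt);
    }

    var resp = UrlFetchApp.fetch(url, options);
    var code = resp.getResponseCode();

    if (code >= 200 && code < 300) {
      return resp;
    }
    if (code === 400) {
      // Validation errors are handed back to the caller to report.
      return resp;
    }
    if (code === 401 || code === 403) {
      // The backend rejected the token: fall through to re-authorization.
      maybeAuthorized = false;
    } else {
      console.error("Backend server error (%s): %s", code.toString(),
                    resp.getContentText());
    }
  }

  if (!maybeAuthorized) {
    // Ask the chat client to send the user through the authorization flow.
    return {
      "actionResponse": {
        "type": "REQUEST_CONFIG",
        "url": service.getAuthorizationUrl()
      }
    };
  }
}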

/**
 * Development helper that builds the OAuth2 service. The statement that
 * printed the service's redirect URI is disabled, so nothing is logged and
 * nothing is returned.
 */
function logRedirectUri() {
  getOAuthService();
  // Disabled: console.info(<service>.getRedirectUri());
}

/**
 * Boilerplate code to determine if a request is authorized and returns
 * a corresponding HTML message. When the user completes the OAuth2 flow
 * on the service provider's website, this function is invoked from the
 * service. In order for authorization to succeed you must make sure that
 * the service knows how to call this function by setting the correct
 * redirect URL.
 *
 * The redirect URL to enter is:
 * https://script.google.com/macros/d/<Apps Script ID>/usercallback
 *
 * See the Apps Script OAuth2 Library documentation for more
 * information:
 *   https://github.com/googlesamples/apps-script-oauth2#1-create-the-oauth2-service
 *
 *  @param {Object} callbackRequest The request data received from the
 *                  callback function. Pass it to the service's
 *                  handleCallback() method to complete the
 *                  authorization process.
 *  @returns {HtmlOutput} a success or denied HTML message to display to
 *           the user. Also sets a timer to close the window
 *           automatically.
 */
function authCallback(callbackRequest) {
  console.log('line 119 auth');
  // handleCallback() receives the provider's callback data; its result
  // decides which page is shown.
  var granted = getOAuthService().handleCallback(callbackRequest);
  // Both pages are fixed literals: nothing from callbackRequest is
  // interpolated into the HTML that is returned.
  var page = granted
      ? 'Success! <script>setTimeout(function() { top.window.close() }, 1);</script>'
      : 'Denied';
  return HtmlService.createHtmlOutput(page);
}

/**
 * Returns an array of cards that comprise the customized authorization
 * prompt. Includes a button that opens the proper authorization link
 * for a non-Google service.
 *
 * When creating the text button, using the
 * setOnClose(CardService.OnClose.RELOAD_ADD_ON) function forces the add-on
 * to refresh once the authorization flow completes.
 *
 * @returns {Card[]} The card representing the custom authorization prompt.
 */


/**
 * Unauthorizes the non-Google service. This is useful for OAuth
 * development/testing.  Run this method (Run > resetOAuth in the script
 * editor) to reset OAuth to re-prompt the user for OAuth.
 */
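function resetOAuth() {
  // NOTE(review): ngrok tunnel hostname - a temporary development endpoint.
  var revokeUrl = 'https://de4bda93.ngrok.io/o/revoke_token/';
  var service = getOAuthService();

  // Without a stored token there is nothing to revoke at the provider, so
  // only the local state is cleared.
  // NOTE(review): getAccessToken() presumably throws when access has not
  // been granted - confirm against the library version in use.
  if (!service.hasAccess()) {
    service.reset();
    return true;
  }

  var options = {
    'method': 'post',
    // The client secret travels in the POST body; the revoke URL must stay
    // HTTPS and must be the provider's own endpoint.
    'payload': {
      'client_id': client_id,
      'client_secret': client_secret,
      'token': service.getAccessToken()
    },
    // Without this, UrlFetchApp.fetch() throws on a non-2xx reply and the
    // failure branch below is never reached.
    'muteHttpExceptions': true
  };
  var status = UrlFetchApp.fetch(revokeUrl, options).getResponseCode();

  if (status >= 200 && status < 300) {
    // Drop the locally stored token only once the provider confirmed the
    // revocation; reuses the service built above instead of rebuilding it.
    service.reset();
    return true;
  }
  console.error("Cannot reset token");
  return false;
}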

我正在使用下面这个 OAuth 库来获取访问令牌,但它总是返回“无访问权限”。请帮忙。

https://github.com/gsuitedevs/apps-script-oauth2

我希望身份验证链接把用户带到我们的 Django 应用页面,由用户在那里提供凭据;在保存了来自用户和 Google Hangouts Chat 的信息之后,再把用户重定向回聊天页面。此后,用户的每个请求都使用 OAuth Bearer 令牌在我们的 Django 应用中完成。

0 个答案:

没有答案