我已经阅读了与该问题有关的所有堆栈溢出问题。我对此有一些了解,但无法帮助我解决此问题。
我已使用服务帐户进行授权。因为我不想为用户显示授权屏幕。因此,我已经创建了服务帐户并在GoogleAPI控制台中启用了域范围的委托权限。
我需要以编程方式在用户的Google教室中创建课程。我已经按照Java Quickstart使用了OAuth客户端ID和OAuth客户端密码。完成后,授权令牌已存储在项目目录中。使用此令牌,我可以在授权用户的Google教室中创建课程。由于我需要在Google课堂中为我域中的许多用户创建课程。所以我用了服务帐号。当我尝试实现它时,出现了以上错误。
我已经在Web应用程序中实现了它。为了更好的理解和代码可读性,我创建了一个快速入门maven项目并粘贴了代码。该代码在 System.out.println(“ Entering to list course method:”); 这一行之前都可以正常工作。
1)如何解决此问题?
2)会要求管理员授权吗?因为为了访问用户数据,我们需要访问令牌。如何使用服务帐户获取访问令牌?
public class ClassroomServiceAccount {
private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
private static final String SERVICE_ACCOUNT_EMAIL = "xxxxxxx@projectName.iam.gserviceaccount.com";
private static final String SERVICE_ACCOUNT_PKCS12_FILE_PATH = "/MyProject.p12";
private static final List<String> SCOPES = Arrays.asList(ClassroomScopes.CLASSROOM_COURSES, ClassroomScopes.CLASSROOM_TOPICS, ClassroomScopes.CLASSROOM_ANNOUNCEMENTS);
public static void main(String... args) throws IOException, GeneralSecurityException {
HttpTransport httpTransport = new NetHttpTransport();
InputStream in = ClassroomServiceAccount.class.getResourceAsStream(SERVICE_ACCOUNT_PKCS12_FILE_PATH);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(in, "notasecret".toCharArray());
String alias = "key1";
Key key = keystore.getKey(alias, "notasecret".toCharArray());
// Get certificate of public key
Certificate cert = keystore.getCertificate(alias);
// Get public key
PublicKey publicKey = cert.getPublicKey();
System.out.println("This is public key : "+ publicKey);
// Return a key pair
KeyPair k = new KeyPair(publicKey, (PrivateKey) key);
System.out.println("This is k : "+ k.getPrivate());
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountPrivateKey(k.getPrivate())
.setServiceAccountScopes(SCOPES)
.setServiceAccountUser("email@yourdomain.com")
.build();
System.out.println("credentials : " + credential.getServiceAccountPrivateKey());
Classroom service = new Classroom.Builder(httpTransport, JSON_FACTORY, null)
.setApplicationName(APPLICATION_NAME)
.setHttpRequestInitializer(credential)
.build();
// Create courses in users google classroom
Course course = new Course();
course.setOwnerId("user@yourdomain.com");
course.setName("Science");
service.courses().create(course).execute();
}
}
答案 0 :(得分:0)
如评论中所述,您必须用Service Account中的用户凭据替换用户凭据。在本示例中,我使用服务帐户中的示例修改了凭证的Classroom Quickstart示例。如您所见,我完全删除了getCredentials函数。但是,您仍然可以将凭据生成器放在此处:
public class ClassroomQuickstart {
private static final String APPLICATION_NAME = "Google Classroom API Java Quickstart";
private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
private static final String TOKENS_DIRECTORY_PATH = "tokens";
private static final String KEY_FILE_LOCATION = "full path of your service account creds json";
/**
* Global instance of the scopes required by this quickstart.
* If modifying these scopes, delete your previously saved tokens/ folder.
*/
private static final List<String> SCOPES = Collections.singletonList(ClassroomScopes.CLASSROOM_COURSES_READONLY);
/**
* Creates an authorized Credential object.
* @param HTTP_TRANSPORT The network HTTP Transport.
* @return An authorized Credential object.
* @throws IOException If the credentials.json file cannot be found.
*/
public static void main(String... args) throws IOException, GeneralSecurityException {
GoogleCredential credential = GoogleCredential
.fromStream(new FileInputStream(KEY_FILE_LOCATION))
.createScoped(ClassroomScopes.all());
// Build a new authorized API client service.
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
Classroom service = new Classroom.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential)
.setApplicationName(APPLICATION_NAME)
.build();
// List the first 10 courses that the user has access to.
ListCoursesResponse response = service.courses().list()
.setPageSize(10)
.execute();
List<Course> courses = response.getCourses();
if (courses == null || courses.size() == 0) {
System.out.println("No courses found.");
} else {
System.out.println("Courses:");
for (Course course : courses) {
System.out.printf("%s\n", course.getName());
}
}
}
}
更新:域委派
要使用服务帐户在Google帐户中创建课程,您需要模拟它。为此,您必须执行所谓的Domain-Wide Delegation。
您已经创建了服务帐户,因此我跳到了域范围内的授权:
现在,您必须授权用户,以便您的服务帐户可以模拟它。我没有写这些步骤,因为它太长了,但是您可以看到它们here。
回到代码,我们必须选择设置凭据的方式。为了使事情更简单,我现在使用P12密钥文件而不是JSON凭证:
GoogleCredential credential2 = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("example@project.iam.gserviceaccount.com")
.setServiceAccountScopes(SCOPES)
.setServiceAccountUser("my_email@example.com")
.setServiceAccountPrivateKeyFromP12File(new File(KEY_FILE_LOCATION)).build();
其他域范围的快速入门here
您的“课堂”服务生成器和新的“课程代码”正确,并且应该使用新的凭据。
答案 1 :(得分:0)
我已经通过更改范围解决了此异常。即,在我的代码中,我使用了三个范围。这三个范围应与Gsuite的范围相匹配。在delegating domain-wide authority to the service account期间,我们添加了范围。这两个范围应匹配,以避免401未经授权。