使用日历api与google-api-php-client进行Google服务帐户身份验证

i am using php 5.3.3, and codeigniter 2.1.0. what i want to do is set up a service account, so a user can add an appointment in a text entry field on my website, then have that appointment added to a shared shared google calendar.

i have a google account, and using : https://code.google.com/apis/console I created a new project called 'pqp' on services: enabled the calendar api on api access: i created an oath 2.0 client id… product name = pqp, application type = service account.

downloaded the key 46… -privatekey.p12. there is a screenshot of the settings:

preview

I got an svn checkout of the google-api-php-client (28/6/2012) In the google-api-php-client/src/config.php I changed lines:

25: 'application_name' => 'pqp',
28: 'oauth2_client_id' => '373xxx730.apps.googleusercontent.com',
57: 'ioFileCache_directory'  => 'tmp/apiClient',  // my apache user does not have access to the system /tmp folder.  + tmp/apiClient has permissions of 777 on the server.

using this link:

http://code.google.com/p/google-api-php-client/source/browse/trunk/examples/prediction/serviceAccount.php?spec=svn445&r=395

I modified it to:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Test extends CI_Controller{
    function __construct()
    {
        parent::__construct();
    }
    function index()
    {
        set_include_path(get_include_path() . PATH_SEPARATOR .dirname(__FILE__).'/../libraries/google-api-php-client/src');
        ini_set('error_reporting',E_ALL);
        ini_set('display_errors','1');
        // Set your client id, service account name, and the path to your private key.
        // For more information about obtaining these keys, visit:
        // https://developers.google.com/console/help/#service_accounts
        define('CLIENT_ID','3731xxx44730.apps.googleusercontent.com');
        define('SERVICE_ACCOUNT_NAME','373xxx244730@developer.gserviceaccount.com');
        // Make sure you keep your key.p12 file in a secure location, and isn't
        // readable by others.
        define('KEY_FILE',dirname(__FILE__).'/../../461290xxx796c0b7db9582c-privatekey.p12');

        require_once "apiClient.php";
        require_once "contrib/apiCalendarService.php";

        $client = new apiClient();
        $client->setApplicationName("pqp");     
        // Set your cached access token. Remember to replace $_SESSION with a
        // real database or memcached.
        session_start();
        if (isset($_SESSION['token'])) {
            $client->setAccessToken($_SESSION['token']);
            echo 'client access token is set.<br/>';
        }

        // Load the key in PKCS 12 format (you need to download this from the
        // Google API Console when the service account was created.
        $key = file_get_contents(KEY_FILE);
        $creds = new apiAssertionCredentials(SERVICE_ACCOUNT_NAME,array('https://www.googleapis.com/auth/calendar'),$key);
        $client->setAssertionCredentials($creds);
        $client->setClientId(CLIENT_ID);
        $service = new apiCalendarService($client);
        echo 'client:<br/>';
        var_dump($client);
        echo 'service:<br/>';
        var_dump($service);
        // We're not done yet. Remember to update the cached access token.
        // Remember to replace $_SESSION with a real database or memcached.
        if ($client->getAccessToken()) {
            $_SESSION['token'] = $client->getAccessToken();
            echo 'token is good!, so creating an event....';
            echo $this->insert_event($service,'testing summary','my location','2012-06-29T10:00:00.000+10:00','2012-06-29T10:00:00.000+10:00');
        }
    }


    function insert_event($service,$summary,$location,$from,$to){
        $event = new Event();
        $event->setSummary($summary);
        $event->setLocation($location);
        $start = new EventDateTime();
        $start->setDateTime($from);
        $event->setStart($start);
        $end = new EventDateTime();
        $end->setDateTime($to);
        $event->setEnd($end);
        $attendee1 = new EventAttendee();
        $attendee1->setEmail('test@example.com');
        $attendees = array($attendee1);
        $event->attendees = $attendees;
        $createdEvent = $service->events->insert('primary', $event);
        return $createdEvent->getId();

    }
}

a pastie of the output is here:

the $client object is not authenticated, the getAccessToken is not set, and the event is not inserted.

i have found it difficult to work out which settings in the $config file to change because there is different nomenclature. i guess this is an artifact of how the code has progressed. are the settings in src/config.php correct? do i need to alter any more settings?

it is my understanding that if i create the service account, download the key file, and the contents of this file with my developer id, it should return a token, and there is no need to set up a redirection uri.. is that correct? this is the functionality i want. i don't want the user to have to authorise access because the website will only ever interact with one google account.

So, the question is, how do i get this calendar api to authenticate using a google service account?

php

1个回答



您可以尝试 this 如果你还没有... </ p>

编辑:< / strong> 这个令人感兴趣但是 如果你还想自己写一个,那么试试这个< / a> oauth2的母亲。 help </ p>

关于Google服务帐户 您使用的-api-php-client(总是使用SVN的中继线)我无法在代码操作中找到任何引用 apiAssertionCredentials :: generateAssertion()</ code>
dedefinitely没有调用auth 在那里</ p>

  public function __construct(
$ serviceAccountName,
$ scopes,
$ privateKey,
$ privateKeyPassword ='notasecret',
$ assertionType =' http://oauth.net/grant_type/jwt/1.0/bearer',
$ prn = false){
$ this-&gt; serviceAccountName = $ serviceAccountName;
$ this-&gt; scopes = is_string($ scopes )? $ scopes:implode('',$ scopes);
$ this-&gt; privateKey = $ privateKey;
$ this-&gt; privateKeyPassword = $ privateKeyPassword;
$ this-&gt; assertionType = $ assertionType;
$ this-&gt; prn = $ prn;
}
</ code> </ pre>

我应该调用此方法... </ p>

< pre> public function generateAssertion(){
$ now = time();

$ jwtParams = array(
'aud'=&gt; apiOAuth2 :: OAUTH2_TOKEN_URI,
'cope'=&gt; $ this-&gt; scopes,
'at'=&gt; $ now,
'ex'=&gt; $ now + self :: MAX_TOKEN_LIFETIME_SECS,
'iss'=&gt; $ this-&gt; serviceAccountName,\ n);

if($ this-&gt; prn!== false){
$ jwtParams ['prn'] = $ this-&gt; prn;
}

返回$ this-&gt ; makeSignedJwt($ jwtParams); \ N}
</代码> </ PRE>

修改</强>
Pardon。 在新鲜的版本。 看起来像是 Google_OAuth2 :: refreshTokenWithAssertion()</ code>实际应该启动真正的过程</ p>
</ div>

展开原文

原文

You can try this one if you not already...

EDIT: this one intresting but if you still feel like to write one yourself then try this THE mother of the oauth2. helpful

About Service Account at google-api-php-client that you use(always take the trunk's one with SVN) I can't found in that code manipulations any reference apiAssertionCredentials::generateAssertion() definitely there is no call to auth in there

public function __construct(
      $serviceAccountName,
      $scopes,
      $privateKey,
      $privateKeyPassword = 'notasecret',
      $assertionType = 'http://oauth.net/grant_type/jwt/1.0/bearer',
      $prn = false) {
    $this->serviceAccountName = $serviceAccountName;
    $this->scopes = is_string($scopes) ? $scopes : implode(' ', $scopes);
    $this->privateKey = $privateKey;
    $this->privateKeyPassword = $privateKeyPassword;
    $this->assertionType = $assertionType;
    $this->prn = $prn;
}

and this method should be called I guess...

public function generateAssertion() {
    $now = time();

    $jwtParams = array(
          'aud' => apiOAuth2::OAUTH2_TOKEN_URI,
          'scope' => $this->scopes,
          'iat' => $now,
          'exp' => $now + self::MAX_TOKEN_LIFETIME_SECS,
          'iss' => $this->serviceAccountName,
    );

    if ($this->prn !== false) {
      $jwtParams['prn'] = $this->prn;
    }

    return $this->makeSignedJwt($jwtParams);
}

EDIT: Pardon. In fresh ver. look's like it's Google_OAuth2::refreshTokenWithAssertion() actualy who should start the real proces

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问