英文:
Asserting identity to Google APIs with App Engine development server
问题
我有一个在App Engine上运行的Golang应用程序,我想调用Analytics API来处理一些指标,无论是在App Engine上还是在开发服务器上。
这个页面描述了整个过程,使用服务帐号进行服务器之间的通信,并使用OAuth2获取访问令牌。我想避免自己做这个,所以我找到了Google APIs for Go,以及下面描述了如何在App Engine上实现。
我已经将App Engine应用程序的服务帐号电子邮件添加到Google Analytics中以获取读取权限。
我已经使用Query Explorer尝试了一些查询,效果很好。我甚至使用了从这里获取的包含正确访问令牌的API查询URI,它也能正常工作。在App Engine上,可以使用cURL或通过urlfetch调用它。
我需要在App Engine上自动获取访问令牌,并且在使用开发服务器时也需要。
下面是一个使用Analytics API的URL缩短示例,我已经修改为使用Analytics API。
client := http.Client{
Transport: &oauth2.Transport{
Source: google.AppEngineTokenSource(c, analytics.AnalyticsScope),
Base: &urlfetch.Transport{Context: c},
},
}
svc, err := analytics.New(&client)
if err != nil {
return nil, err
}
data, err := svc.Data.Ga.Get("...")
在开发服务器上的响应是401 Invalid Credentials, authError。
这样应该工作吗,还是我漏掉了什么?
更新
所以,问题已经解决了一半。现在在使用开发服务器时,当我传入服务帐号的电子邮件和.pem文件时,它可以正常工作。然而,同样的服务帐号在App Engine上却不起作用!
googleapi: Error 403: User does not have any Google Analytics account., insufficientPermissions
用户应该是我已经在开发服务器上成功使用的服务帐号,所以我真的不明白这个问题。在App Engine上和开发服务器上使用的是完全相同的代码。
Google Analytics已经设置为具有读取权限,并且我使用的是只读API。它已经在开发服务器上工作了,所以应该没问题。
可能有什么不同导致了这个问题?
英文:
I have a Golang app running on App Engine and I would like to call the Analytics API to process some metrics. Both on App Engine and on the development server.
This page describes the overall procedure using a service account for server-to-server communication and getting an access token using OAuth2. I would like to avoid doing this myself so I found Google APIs for Go and the following that describes how to do it for App Engine.
I have added the App Engine app's service account email to Google Analytics for read access.
I have played around with queries using the Query Explorer and that works great. I have even used the API Query URI from here that includes the proper access token and that works fine. That works fine with cURL or calling it through urlfetch on App Engine.
What I need is to get hold of an access token automatically on App Engine and also while using the development server.
In here is an example for URL shortener which a have modified to use the Analytics API instead.
client := http.Client{
Transport: &oauth2.Transport{
Source: google.AppEngineTokenSource(c, analytics.AnalyticsScope),
Base: &urlfetch.Transport{Context: c},
},
}
svc, err := analytics.New(&client)
if err != nil {
return nil, err
}
data, err := svc.Data.Ga.Get("...")
The response in the development server is 401 Invalid Credentials, authError.
Is this supposed to work like this or am I missing something?
UPDATE
So, the problem is half solved. It works fine now using the development server when I pass in the service account's email and .pem file. However, that very same service account that is in App Engine does not work with the above code!
googleapi: Error 403: User does not have any Google Analytics account., insufficientPermissions
User should be the service account that I already successfully use on the development server, so I don't really understand this problem. It's the exact same code on App Engine and on the development server as well.
Google Analytics is set up to have read access and I use the read-only API. And it already works on the development server so that should be fine.
What might be different that is the issue?
答案1
得分: 1
可以在启动开发服务器时提供必要的信息,就像这里所示。
$ dev_appserver.py --appidentity_email_address email --appidentity_private_key_path file.pem
对于App Engine,您需要使用与应用程序名称相关的服务帐号,而不是使用此服务帐号:
app_name@appspot.gserviceaccount.com
英文:
It is possible to provide the development server with the necessary information at start like here.
$ dev_appserver.py --appidentity_email_address email --appidentity_private_key_path file.pem
And for App Engine you need to not use this Service Account but the one with the app name:
app_name@appspot.gserviceaccount.com
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论