英文:
Google service account authentication Python: 401 Request had invalid authentication credentials
问题
I am writing a script that needs to connect to the Google API and download some emails. This script will run on a server, so I need to make sure that it does not require user interaction when authenticating.
文档建议在服务器之间的应用程序中使用服务帐户。我按照文档中的教程操作,但返回了401错误。
from google.oauth2.service_account import Credentials
from googleapiclient.discovery import build
from typing import List, Dict
import logging
logging.basicConfig(format='%(asctime)s - %(message)s', level=logging.INFO)
SCOPES = ['https://www.googleapis.com/auth/gmail.readonly']
KEYWORD = "LinkedIn"
def login() -> Credentials:
try:
credentials = Credentials.from_service_account_file('credentials.json', scopes=SCOPES)
return credentials
except Exception as ex:
logging.error(f"-----ERROR-----login: {ex}")
def get_unread_messages(credentials) -> List[Dict]:
try:
service = build('gmail', 'v1', credentials=credentials)
result = service.users().messages().list(userId='me', labelIds=["INBOX", "UNREAD"]).execute()
message_ids = result.get('messages')
unread_messages = [service.users().messages().get(userId='me', id=msg['id']).execute() for msg in message_ids]
return unread_messages
except Exception as ex:
logging.error(f"-----ERROR-----get_unread_messages:{ex}")
credentials = login()
get_unread_messages(credentials)
错误信息
------ERROR-----get_unread_messages:<HttpError 401 when requesting https://gmail.googleapis.com/gmail/v1/users/me/messages?labelIds=INBOX&labelIds=UNREAD&alt=json returned "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.". Details: "[{'message': 'Invalid Credentials', 'domain': 'global', 'reason': 'authError', 'location': 'Authorization', 'locationType': 'header'}]">
英文:
I am writing a script that needs to connect to the Google API and download some emails. This script will run in a server, so I need to make sure that it does not require user interaction when authenticating.
The documentation suggest to use a service account for server-to-server applications. I followed the tutorial in the docs, but it comes back with 401.
from google.oauth2.service_account import Credentials
from googleapiclient.discovery import build
from typing import List, Dict
import logging
logging.basicConfig(format='%(asctime)s - %(message)s', level=logging.INFO)
SCOPES = ['https://www.googleapis.com/auth/gmail.readonly']
KEYWORD = "LinkedIn"
def login() -> Credentials:
try:
credentials = Credentials.from_service_account_file('credentials.json', scopes=SCOPES)
return credentials
except Exception as ex:
logging.error(f"-----ERROR-----login: {ex}")
def get_unread_messages(credentials) -> List[Dict]:
try:
service = build('gmail', 'v1', credentials=credentials)
result = service.users().messages().list(userId='me', labelIds=["INBOX", "UNREAD"]).execute()
message_ids = result.get('messages')
unread_messages = [service.users().messages().get(userId='me', id=msg['id']).execute() for msg in message_ids]
return unread_messages
except Exception as ex:
logging.error(f"-----ERROR-----get_unread_messages:{ex}")
credentials = login()
get_unread_messages(credentials )
**
Error message**
------ERROR-----get_unread_messages:<HttpError 401 when requesting https://gmail.googleapis.com/gmail/v1/users/me/messages?labelIds=INBOX&labelIds=UNREAD&alt=json returned "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.". Details: "[{'message': 'Invalid Credentials', 'domain': 'global', 'reason': 'authError', 'location': 'Authorization', 'locationType': 'header'}]">
答案1
得分: 0
服务账户授权仅适用于配置了域范围委托并在您的代码中添加了用户模拟的Google Workspace域帐户。
对于标准Gmail帐户,您需要使用OAuth2进行一次用户授权并存储刷新令牌。
英文:
service account authorization only works with google workspace domain accounts after you have configured domain wide deligation and added a user impersonation to you code.
for standard Gmail accounts you need to use Oauth2 and authorize the user once and store the refresh token
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论