英文:
Issue with Google Calendar API using Service account in php
问题
我正在构建我的PHP Web应用程序中的一个页面,可以在其中读取和写入我的Google日历事件,所以我不需要OAuth同意屏幕,因为我只使用我的Google日历。
为此,我在Google控制台创建了服务帐户。
我按照这里的步骤进行操作Google Calendar API in Your Application without Oauth Consent Screen
使用这个PHP SDK:https://github.com/googleapis/google-api-php-client
代码如下:
require_once __DIR__ . '/vendor/autoload.php';
define('CALENDAR_ID', 'google-email-address');
define('CREDENTIALS_PATH', 'service-account.json'); // JSON文件路径
define('SCOPES', Google_Service_Calendar::CALENDAR);
$googleClient = new Google_Client();
$googleClient->setApplicationName("Google Calendar PHP API");
$googleClient->setAuthConfig(CREDENTIALS_PATH);
$googleClient->setScopes([SCOPES]);
$googleClient->setSubject(CALENDAR_ID);
$calendarService = new Google_Service_Calendar($googleClient);
###### 获取事件...
$optParams = ['maxResults' => 10, 'orderBy' => 'startTime', 'singleEvents' => TRUE, 'timeMin' => date(DATE_RFC3339)];
$events = $calendarService->events->listEvents(CALENDAR_ID, $optParams)->getItems();
foreach ($events as $event) {
print_r($event->getSummary() . " " . $start . "\n");
}
现在,在CALENDAR_ID中,当我使用我的Google电子邮件ID(作为日历ID)时,我收到了以下错误:
{ "error": "unauthorized_client", "error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested." }
当我使用由服务帐户生成的电子邮件ID(ss-calender@XXXXXXXXXX.iam.gserviceaccount.com)时,它返回null值。
如何在Google日历中读取/写入事件。
我在控制台和日历中使用相同的Google帐户。
<details>
<summary>英文:</summary>
I am building a page in my php web app where I can read and write my google calendar event so here i do not need for OAuth consent screen, as i am using only my google calendar.
for that i created Service account at google console.
I followed step from here [Google Calendar API in Your Application without Oauth Consent Screen][1]
Using this PHP SDK : https://github.com/googleapis/google-api-php-client
code is
require_once DIR . '/vendor/autoload.php';
define('CALENDAR_ID', 'google-email-address');
define('CREDENTIALS_PATH', 'service-account.json'); // json file path
define('SCOPES', Google_Service_Calendar::CALENDAR);
$googleClient = new Google_Client();
$googleClient->setApplicationName("Google Calendar PHP API");
$googleClient->setAuthConfig(CREDENTIALS_PATH);
$googleClient->setScopes([SCOPES]);
$googleClient->setSubject(CALENDAR_ID);
$calendarService = new Google_Service_Calendar($googleClient);
Get Events...
$optParams = ['maxResults' => 10, 'orderBy' => 'startTime','singleEvents' => TRUE, 'timeMin' => date(DATE_RFC3339)];
$events = $calendarService->events->listEvents(CALENDAR_ID, $optParams)->getItems();
foreach ($events as $event) {
print_r($event->getSummary() . " " . $start . "\n");
}
Now at CALENDAR_ID when i am using my google email id ( as calendar id )
then i got this error
{ "error": "unauthorized_client", "error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested." }
and when i am using email id that was generated by Service Accounts (ss-calender@XXXXXXXXXX.iam.gserviceaccount.com) then its returning null value.
How to read/write event at google calendar.
I am using same google account for console and calendar.
[1]: https://medium.com/@ArchTaqi/google-calendar-api-in-your-application-without-oauth-consent-screen-4fcc1f8eb380
</details>
# 答案1
**得分**: 1
这个错误消息是由于必须在Google Workspace管理员控制台中为服务帐号授权,以及指定每个应用程序应该能够访问的每个API范围而引起的。
在您的Google Cloud控制台中创建服务帐号后,您需要授权该服务帐号访问用户的数据,您需要设置域范围的委派,请记住这将在您的Google Workspace管理员控制台中执行。
### 执行域范围委派的步骤:
- 管理员控制台 > 安全性 > API 控制 > 域范围委派
- 添加新项 > 在客户端ID字段中输入您的服务帐号的唯一ID
- 对于OAuth范围字段,请确保输入与您在代码中设置的相同范围,否则将出现相同的错误消息
但是,如果您没有Google Workspace帐户,且您试图读取和写入您个人的@gmail电子邮件地址日历事件,请与您的服务帐号共享日历:
- 转到Google日历 > “我的日历”部分。要展开它,请单击向下箭头。
- 将鼠标悬停在要共享的日历上,然后单击“更多”,然后单击“设置和共享”。
- 在“与特定人共享”下,单击“添加人员” > 添加服务帐号电子邮件地址。
### 删除:
```php
$googleClient->setSubject(CALENDAR_ID);
参考:
英文:
This error message is caused by the fact that the service account must be authorized in the Google Workspace Admin console, as well as specifying each API scope that an app should be able to access.
After creating the Service account in your Google Cloud console, you need to authorize the service account to access the user's data, you need to set up Domain-wide delegation keep in mind that this is going to be performed in your Google Workspace Admin console.
Steps to perform Domain-wide delegation:
- Admin console > Security > API Controls > Domain-wide Delegation
- Add new > for the Client ID field enter the Unique ID from your service account
- For the OAuth scopes field make sure you enter the same scope you have set up in your code otherwise you'll get the same error message
However, if you do not have a Google Workspace account and you are trying to read and write your personal @gmail email address calendar events, share the calendar with your service account:
- Go to Google Calendar > “My calendars” section. To expand it, click the Down arrow.
- Hover over the calendar you want to share, and click More and then Settings and sharing.
- Under “Share with specific people,” click Add people > add the service account email address.
Delete:
$googleClient->setSubject(CALENDAR_ID);
References:
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论