问题描述

我正在使用 Google Apps 脚本和一些高级服务(例如 Admin SDK(目录 API)和经销商 API)开发应用程序.

I am developing an application using Google Apps Script and using some Advanced Services such as Admin SDK (Directory API) and Reseller API.

似乎这些 API 是在访问我的 WebApp 的用户的上下文中由我的 WebApp 调用的(它部署为以用户访问 Web 应用程序"的身份执行应用程序).

It seems like these API's are being called by my WebApp under context of user who is accessing my WebApp (it's deployed with 'Execute the app as 'User accessing the webapp').

理想情况下，我希望这些 API 调用能够通过我的项目下的某个服务帐户(在开发控制台中)进行身份验证.是否可以?怎么样?

Ideally, I would like these API's calls to be authenticated with some Service Account under my project (in Dev Console). Is it possible? How?

推荐答案

当您的脚本作为用户访问 web 应用程序"运行时，它会根据您的配额运行用户数据.如果您想针对您的数据运行它，您需要更改设置以将应用程序作为我"执行.

When your scripts are ran as 'User accessing the webapp' it runs off the users data against your quota. If you want to run it against your data you need to change the settings to execute the app as "me".

如果您需要执行混合身份验证模型，其中应用程序需要访问两个不同帐户的数据，您有一些选择.无论哪种方式，一个帐户都可以访问内置的 Apps 脚本服务，另一个帐户将使用 API 的 REST 接口来访问其数据.

If you need to do a mixed authentication model where the app needs to access the data of two different accounts, you have some options. Either way one account gets to access the built in Apps Script services and the other will use the REST interfaces to the APIs to access their data.

您可以以我"的身份运行应用程序，然后为用户管理您自己的 Oauth.这可以通过 OAuth 库完成，例如:

You can run the app as "me" then manage your own Oauth for the user. This can be done with an OAuth Library such as:

https://github.com/googlesamples/apps-script-oauth2

或者，您可以以用户身份运行应用，并为您的服务器使用服务帐户.这是我为在 Apps 脚本中使用服务帐户而放在一起的库:

Or you can run the app as the user and use a service account for your server. Here is a library I put together for using service accounts in Apps Script:

https://github.com/Spencer-Easton/Apps-Script-GSApp 库

这篇关于通过服务帐户使用高级 Google 服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！