问题描述
我正在尝试通过服务帐户使用域范围内的委托进行Google Drive API调用.我可以使身份验证正常工作,但无法获得驱动器api调用.错误:在驱动器中创建文件时找不到文件
I am trying to make google drive API calls using domain wide delegation by using a service account.I can get the authentication working but not the drive api calls.Error: File not found when creating a file in drive
在进行域范围委派之前,我还通过与服务帐户共享驱动器文件夹来使其工作.但是现在我希望它能在不共享的情况下正常工作.
Also before domain wide delegation I made it to work by sharing a drive folder with the service account. But now I want it to work without sharing.
我认为我需要在某个地方进行一些setServiceAccount的操作.不知道会在哪里发生.
I think i need to do some setServiceAccount stuff somewhere. Not sure where that would happen.
const {google} = require('googleapis');
const auth = new google.auth.JWT(
client_email, null,
privateKey, ['https://www.googleapis.com/auth/drive']
);
const drive = google.drive({version: "v3", auth});
//drive.files.create({});
推荐答案
答案:
您需要将从GCP控制台获得的服务帐户私钥传递给JWT客户端,并指定要模拟为subject
的用户.
Answer:
You need to pass your Service Account private key obtained from the GCP console to your JWT Client, and specify which user you wish to impersonate as a subject
.
获得私钥后,您需要在授权之前将其传递给JWT客户端:
After getting your private key, you need to pass this into your JWT Client before authorisation:
let google = require('googleapis');
let privateKey = require("./privatekey.json");
var jwtClient = new google.auth.JWT({
email: privateKey.client_email,
key: privateKey.private_key,
scopes: ['https://www.googleapis.com/auth/drive'],
subject: 'user@domain.com'
});
jwtClient.authorize(function (error, tokens) {
if (error) {
console.log(error);
return;
}
else {
console.log("Successfully connected!");
}
});
然后,您可以使用Drive API作为服务帐户来完成操作.
Then you can do as you wish with the Drive API as the service account.
希望对您有帮助!
这篇关于使用域范围内的委派和服务帐户的Google OAuth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!