How to use a service account to access the GMAIL API for a GSuite email account

Question

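I want my service account to impersonate one of the users in the GSuite. I have

  • created a project via GCP
  • enabled the GMail API in the project
  • added a service account to that project
  • enabled domain-wide delegation in the service account settings on GCP
  • added an API client with the service account ID in the advanced settings via the Google admin console for the GSuite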

While going through docs (java), I saw this

GoogleCredential credential = GoogleCredential.fromStream(new FileInputStream("MyProject-1234.json"))
    .createScoped(Collections.singleton(SQLAdminScopes.SQLSERVICE_ADMIN))
    .createDelegated("user@example.com");

Here they are specifying which user the service account should impersonate. This code is in java. I need to accomplish the same thing in nodejs.

While going through documentation of nodejs-client for googleapis, I found this:

const {google} = require('googleapis');

const auth = new google.auth.GoogleAuth({
  keyFile: '/path/to/your-secret-key.json',
  scopes: ['https://www.googleapis.com/auth/cloud-platform'],
});

const {google} = require('googleapis');

const oauth2Client = new google.auth.OAuth2(
  YOUR_CLIENT_ID,
  YOUR_CLIENT_SECRET,
  YOUR_REDIRECT_URL
);

// set auth as a global default
google.options({
  auth: oauth2Client
});

What is the difference between GoogleAuth and OAuth2 here?

How do I set everything up so that my node.js application can access user@abc.xyz mail via the service account?

How do I specify the email I want to access via service account?

Recommended answer

The documentation specifies:

In other words:

  • google.auth.GoogleAuth is a library tool that creates dynamically the correct credentials for you if you do not know which credentials you need
  • google.auth.OAuth2 always creates specifically OAuth2 credentials
  • For most applications where you authenticate as yourself, OAuth2 is what you need
  • However, for using a service account you need to create a JSON Web Token as specified here
  • Double-check that you created service account credentials, preferably as a json file, enabled domain-wide delegation and provided the service account with the necessary scopes in the admin console.
  • To implement impersonation into your code, add the line subject: USER_EMAIL when creating the JWT client.

Sample

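const {JWT} = require('google-auth-library');
// The path to your service account credentials JSON file
const keys = require('./jwt.keys.json');
// The GSuite user the service account should impersonate
const USER_EMAIL = 'user@abc.xyz';

async function main() {
  const client = new JWT({
    email: keys.client_email,
    key: keys.private_key,
    scopes: ['YOUR SCOPES HERE'],
    // Impersonate this user through domain-wide delegation
    subject: USER_EMAIL
  });
  // Sample request URL (Cloud DNS API); use the endpoint of the API your scopes cover
  const url = `https://dns.googleapis.com/dns/v1/projects/${keys.project_id}`;
  const res = await client.request({url});
  console.log(res.data);
}

main().catch(console.error);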
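
What the subject option amounts to on the wire, as an added example that is not part of the original answer: the code below builds the signed JWT assertion of Google's service account OAuth flow by hand with Node's crypto module, then verifies it and decodes the claims. The key pair, the service account address and the function names are constructed for this demo; user@abc.xyz is the address from the question.

```javascript
// Added example (not from the original answer): the JWT assertion a service
// account signs when it impersonates a user through domain-wide delegation.
const nodeCrypto = require('crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const b64url = (v) => Buffer.from(v).toString('base64url');

// keys: parsed service account JSON; subject: user to impersonate (`sub` claim).
function buildDelegatedAssertion(keys, subject, scopes, now = Math.floor(Date.now() / 1000)) {
  if (!subject) throw new Error('subject is required for impersonation');
  const header = {alg: 'RS256', typ: 'JWT'};
  const claims = {
    iss: keys.client_email,  // who signs: the service account
    sub: subject,            // who is acted for: the delegated user
    scope: scopes.join(' '), // space-delimited, must be authorized in the admin console
    aud: TOKEN_URL,
    iat: now,
    exp: now + 3600,         // assertions are valid for at most one hour
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), keys.private_key);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Form body that exchanges the assertion for an access token at TOKEN_URL.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// Check the RS256 signature and decode the claims (useful when auditing a client).
function verifyAssertion(jwt, publicKey) {
  const [h, c, s] = jwt.split('.');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, 'base64url'));
  return {ok, claims: JSON.parse(Buffer.from(c, 'base64url').toString('utf8'))};
}

// Constructed sample input: throwaway key pair and a made-up service account address.
const {publicKey, privateKey} = nodeCrypto.generateKeyPairSync('rsa', {modulusLength: 2048});
const sampleKeys = {
  client_email: 'mailer@example-project.iam.gserviceaccount.com',
  private_key: privateKey.export({type: 'pkcs8', format: 'pem'}),
};
const GMAIL_READONLY = 'https://www.googleapis.com/auth/gmail.readonly';
const sampleJwt = buildDelegatedAssertion(sampleKeys, 'user@abc.xyz', [GMAIL_READONLY], 1700000000);
console.log(verifyAssertion(sampleJwt, publicKey));
```

Only scopes authorized for the service account's client ID in the admin console can be requested. Keep that list as narrow as the application needs, because for those scopes the key can act as any user in the domain.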
