如何处理对Google oAuth的服务帐户调用中的CORS？

本文介绍了如何处理对Google oAuth的服务帐户调用中的CORS？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我使用服务帐户访问Google日历。这意味着不会提示日历所有者进行授权。

I access a Google calendar using a service account. This means that the owner of the calendar will not be prompted for his authorization.

这在Python中很好，我在其中进行了请求调用具有特定正文的 https://accounts.google.com/o/oauth2/token 。

This works fine in Python, where I make a requests call to https://accounts.google.com/o/oauth2/token with a specific body. This gets me back a token I can use later.

我现在需要在独立浏览器（Chrome-无用户交互）中运行应用程序，并尝试直接移植

I now need to have an application running in a standalone browser (Chrome - without user interaction) and tried to directly port this call as

fetch('https://accounts.google.com/o/oauth2/token',
    {
        method: 'POST',
        body: JSON.stringify(body),
    })
    .then(function(res) { return res.json(); })
    .then(function(data) { alert(JSON.stringify(data)) })

但是我收到Google的回复

but I get a reply from Google

我对CORS的了解有限（a 读得很好）是

My limited understanding of CORS (a previous answer was a very good read) is that

表示它不在 response 标头中，这意味着Google不会希望我从浏览器运行时通过JS访问其资源（指向 https://accounts.google.com 的其他内容）。

means that it is not present in the response headers, which means that Google does not want me to access its resources via JS when ran from the browser (which points to something else that https://accounts.google.com).

这可能是一个好主意，但我控制了所有元素，从代码到浏览器，并希望以与在非浏览器环境中获取令牌相同的方式来获取该令牌，特别是我的工作Python代码。

This may be a good idea but I control all elements, from the code to the browser and would like to get that token the same way I get it in a non-browser environment, specifically my working Python code.

如何告诉 https://accounts.google.com 给我发回 Access-Control-Allow-Origin 标头告诉我的浏览器可以接受呼叫吗？

How can I tell https://accounts.google.com to send me back a Access-Control-Allow-Origin header which tell my browser that it is OK to accept the call?

如何处理对Google

如何处理对Google oAuth的服务帐户调用中的CORS？

问题描述

推荐答案