是否可以通过 URL 访问已部署的受保护 Google Web 应用程序而无需每次都从浏览器登录?
Is it possible to access a deployed Protected Google Web App via URL without logging in from browser each time?
我已经部署了一个受保护的网络应用程序,我想在每次不登录的情况下触发它:
我想在不登录的情况下访问网络应用 URL:
根据此文档,不从浏览器登录是不可能的:
https://github.com/tanaikech/taking-advantage-of-Web-Apps-with-google-apps-script/blob/master/README.md
If the script of Web Apps uses some scopes, client users have to
authorize the scopes by own browser.
我假设 scopes 表示网络应用程序受到保护。
我试过这个:https://github.com/gsuitedevs/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs 但它要求 "request access"
如果我点击 request access,它会显示:
在这一点上,我认为如果不每次都通过浏览器进行身份验证,就不可能设置一个具有范围的服务帐户来触发受保护的已部署 Web 应用程序。谁能证实这一点?
我的假设是 Web 应用程序范围是 https://www.googleapis.com/auth/drive,因为它可以访问所有驱动器的文件。
更新:(我试过但没有用)
我匹配了脚本中的范围:
到服务帐户:
上面的模糊区域是我从以下位置获得的客户端ID:
我已经使用这个脚本生成了访问令牌:
function accessTokens(){
var private_key = "-----BEGIN PRIVATE KEY-----*****\n-----END PRIVATE KEY-----\n"; // private_key of JSON file retrieved by creating Service Account
var client_email = "****@****.iam.gserviceaccount.com"; // client_email of JSON file retrieved by creating Service Account
var scopes = ["https://www.googleapis.com/auth/documents","https://www.googleapis.com/auth/forms","https://www.googleapis.com/auth/script.external_request","https://www.googleapis.com/auth/spreadsheets","https://www.googleapis.com/auth/userinfo.email"]; // Scopes
var url = "https://www.googleapis.com/oauth2/v3/token";
var header = {
alg: "RS256",
typ: "JWT",
};
var now = Math.floor(Date.now() / 1000);
var claim = {
iss: client_email,
scope: scopes.join(" "),
aud: url,
exp: (now + 3600).toString(),
iat: now.toString(),
};
var signature = Utilities.base64Encode(JSON.stringify(header)) + "." + Utilities.base64Encode(JSON.stringify(claim));
var jwt = signature + "." + Utilities.base64Encode(Utilities.computeRsaSha256Signature(signature, private_key));
var params = {
method: "post",
payload: {
assertion: jwt,
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
},
};
var res = UrlFetchApp.fetch(url, params).getContentText();
Logger.log(res);
var ss = SpreadsheetApp.getActiveSpreadsheet();
var sheet = ss.getSheetByName("Sheet1");
sheet.getRange(1, 3).setValue(JSON.parse(res)['access_token']);
}
仍然有同样的错误,它要求请求访问。
经过几天的研究,我弄明白了(当然是在帮助下)。
- 从您部署的网络应用程序脚本中获取范围:
File > Project Properties > Scopes
- 在
Manage API client access https://admin.google.com/AdminHome?chromeless=1#OGX:ManageOauthClients 页中与 https://www.googleapis.com/auth/drive 一起添加范围(使用逗号分隔添加多个范围:http...,http..., etc.)
- 对于客户端名称,从管理控制台的服务帐户页面获取客户端 ID:https://console.developers.google.com
- 部署脚本
Publish > Deploy as Web App
- 生成访问令牌后(下面的说明),将访问令牌附加到您部署的 Web 应用程序 url
&access_token=YOURTOKENHERE
将此脚本与 google sheet 一起使用,它将在 Sheet1 的单元格 A1 中生成 access_token(将 4 个变量替换为与您相关的信息):
function accessTokens(){
var private_key = "-----BEGIN PRIVATE KEY-----n-----END PRIVATE KEY-----\n"; // private_key of JSON file retrieved by creating Service Account
var client_email = "*****@****.iam.gserviceaccount.com"; // client_email of JSON file retrieved by creating Service Account
var scopes = ["https://www.googleapis.com/auth/documents","https://www.googleapis.com/auth/forms","https://www.googleapis.com/auth/script.external_request","https://www.googleapis.com/auth/spreadsheets","https://www.googleapis.com/auth/userinfo.email","https://www.googleapis.com/auth/drive"]; // Scopes
var impersonate_email = "" //impersonate email
var url = "https://www.googleapis.com/oauth2/v4/token";
var header = {
alg: "RS256",
typ: "JWT",
};
var now = Math.floor(Date.now() / 1000);
var claim = {
iss: client_email,
sub: impersonate_email,
scope: scopes.join(" "),
aud: url,
exp: (now + 3600).toString(),
iat: now.toString(),
};
var signature = Utilities.base64Encode(JSON.stringify(header)) + "." + Utilities.base64Encode(JSON.stringify(claim));
var jwt = signature + "." + Utilities.base64Encode(Utilities.computeRsaSha256Signature(signature, private_key));
var params = {
method: "post",
payload: {
assertion: jwt,
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
},
};
var res = UrlFetchApp.fetch(url, params).getContentText();
Logger.log(res);
var ss = SpreadsheetApp.getActiveSpreadsheet();
var sheet = ss.getSheetByName("Sheet1");
sheet.getRange(1, 1).setValue(JSON.parse(res)['access_token']);
}
我已经部署了一个受保护的网络应用程序,我想在每次不登录的情况下触发它:
我想在不登录的情况下访问网络应用 URL:
根据此文档,不从浏览器登录是不可能的: https://github.com/tanaikech/taking-advantage-of-Web-Apps-with-google-apps-script/blob/master/README.md
If the script of Web Apps uses some scopes, client users have to authorize the scopes by own browser.
我假设 scopes 表示网络应用程序受到保护。
我试过这个:https://github.com/gsuitedevs/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs 但它要求 "request access"
如果我点击 request access,它会显示:
在这一点上,我认为如果不每次都通过浏览器进行身份验证,就不可能设置一个具有范围的服务帐户来触发受保护的已部署 Web 应用程序。谁能证实这一点?
我的假设是 Web 应用程序范围是 https://www.googleapis.com/auth/drive,因为它可以访问所有驱动器的文件。
更新:(我试过但没有用)
我匹配了脚本中的范围:
到服务帐户:
上面的模糊区域是我从以下位置获得的客户端ID:
我已经使用这个脚本生成了访问令牌:
function accessTokens(){
var private_key = "-----BEGIN PRIVATE KEY-----*****\n-----END PRIVATE KEY-----\n"; // private_key of JSON file retrieved by creating Service Account
var client_email = "****@****.iam.gserviceaccount.com"; // client_email of JSON file retrieved by creating Service Account
var scopes = ["https://www.googleapis.com/auth/documents","https://www.googleapis.com/auth/forms","https://www.googleapis.com/auth/script.external_request","https://www.googleapis.com/auth/spreadsheets","https://www.googleapis.com/auth/userinfo.email"]; // Scopes
var url = "https://www.googleapis.com/oauth2/v3/token";
var header = {
alg: "RS256",
typ: "JWT",
};
var now = Math.floor(Date.now() / 1000);
var claim = {
iss: client_email,
scope: scopes.join(" "),
aud: url,
exp: (now + 3600).toString(),
iat: now.toString(),
};
var signature = Utilities.base64Encode(JSON.stringify(header)) + "." + Utilities.base64Encode(JSON.stringify(claim));
var jwt = signature + "." + Utilities.base64Encode(Utilities.computeRsaSha256Signature(signature, private_key));
var params = {
method: "post",
payload: {
assertion: jwt,
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
},
};
var res = UrlFetchApp.fetch(url, params).getContentText();
Logger.log(res);
var ss = SpreadsheetApp.getActiveSpreadsheet();
var sheet = ss.getSheetByName("Sheet1");
sheet.getRange(1, 3).setValue(JSON.parse(res)['access_token']);
}
仍然有同样的错误,它要求请求访问。
经过几天的研究,我弄明白了(当然是在帮助下)。
- 从您部署的网络应用程序脚本中获取范围:
File > Project Properties > Scopes - 在
Manage API client accesshttps://admin.google.com/AdminHome?chromeless=1#OGX:ManageOauthClients 页中与https://www.googleapis.com/auth/drive一起添加范围(使用逗号分隔添加多个范围:http...,http..., etc.) - 对于客户端名称,从管理控制台的服务帐户页面获取客户端 ID:https://console.developers.google.com
- 部署脚本
Publish > Deploy as Web App - 生成访问令牌后(下面的说明),将访问令牌附加到您部署的 Web 应用程序 url
&access_token=YOURTOKENHERE
将此脚本与 google sheet 一起使用,它将在 Sheet1 的单元格 A1 中生成 access_token(将 4 个变量替换为与您相关的信息):
function accessTokens(){
var private_key = "-----BEGIN PRIVATE KEY-----n-----END PRIVATE KEY-----\n"; // private_key of JSON file retrieved by creating Service Account
var client_email = "*****@****.iam.gserviceaccount.com"; // client_email of JSON file retrieved by creating Service Account
var scopes = ["https://www.googleapis.com/auth/documents","https://www.googleapis.com/auth/forms","https://www.googleapis.com/auth/script.external_request","https://www.googleapis.com/auth/spreadsheets","https://www.googleapis.com/auth/userinfo.email","https://www.googleapis.com/auth/drive"]; // Scopes
var impersonate_email = "" //impersonate email
var url = "https://www.googleapis.com/oauth2/v4/token";
var header = {
alg: "RS256",
typ: "JWT",
};
var now = Math.floor(Date.now() / 1000);
var claim = {
iss: client_email,
sub: impersonate_email,
scope: scopes.join(" "),
aud: url,
exp: (now + 3600).toString(),
iat: now.toString(),
};
var signature = Utilities.base64Encode(JSON.stringify(header)) + "." + Utilities.base64Encode(JSON.stringify(claim));
var jwt = signature + "." + Utilities.base64Encode(Utilities.computeRsaSha256Signature(signature, private_key));
var params = {
method: "post",
payload: {
assertion: jwt,
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
},
};
var res = UrlFetchApp.fetch(url, params).getContentText();
Logger.log(res);
var ss = SpreadsheetApp.getActiveSpreadsheet();
var sheet = ss.getSheetByName("Sheet1");
sheet.getRange(1, 1).setValue(JSON.parse(res)['access_token']);
}