Credentials 对象何时失效?
When does a Credentials object become invalidated?
我正在玩基于 https://developers.google.com/drive/v3/web/quickstart/python 的 Python 脚本,它工作正常。我可以将简单的文本文件上传到我的云端硬盘帐户。
该页面的代码如下:
# If modifying these scopes, delete your previously saved credentials
# at ~/.credentials/drive-python-quickstart.json
SCOPES = 'https://www.googleapis.com/auth/drive.metadata.readonly'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Drive API Python Quickstart'
def get_credentials():
"""Gets valid user credentials from storage.
If nothing has been stored, or if the stored credentials are invalid,
the OAuth2 flow is completed to obtain the new credentials.
Returns:
Credentials, the obtained credential.
"""
home_dir = os.path.expanduser('~')
credential_dir = os.path.join(home_dir, '.credentials')
if not os.path.exists(credential_dir):
os.makedirs(credential_dir)
credential_path = os.path.join(credential_dir,
'drive-python-quickstart.json')
store = Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
if flags:
credentials = tools.run_flow(flow, store, flags)
else: # Needed only for compatibility with Python 2.6
credentials = tools.run(flow, store)
print('Storing credentials to ' + credential_path)
return credentials
假设脚本执行一次,导致 'drive-python-quickstart.json' 文件被保存为类似这样的内容(当然是 X 替换敏感信息):
{"_module": "oauth2client.client",
"scopes": ["https://www.googleapis.com/auth/drive.file"],
"token_expiry": "2016-11-13T07:15:15Z",
"id_token": null,
"access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"invalid": false,
"token_response": {"access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"},
"client_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com",
"token_info_uri": "https://www.googleapis.com/oauth2/v3/tokeninfo",
"client_secret": "XXXXXXXXXXXXXXXXXXXXXXXX",
"revoke_uri": "https://accounts.google.com/o/oauth2/revoke",
"_class": "OAuth2Credentials",
"refresh_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"user_agent": null}
假设 'drive-python-quickstart.json' 文件始终存在并且可读可写。假设一段时间过去了,脚本在 JSON 值中的 "token_expiry" 键给出的时间之后的某个时间再次执行。是否期望某些东西检测到 Credentials 对象的时间已过期,从而迫使 credentials 对象切换到无效状态,这意味着 credentials.invalid 然后变为 True?或者 "refresh_token" 字段的存在意味着 API 中的内容会自动更新 'drive-python-quickstart.json' 文件,这样 credentials.invalid 总是 returns 是吗?
只要您的刷新令牌正常,Google python 客户端库就会根据需要刷新访问令牌。明确地说,客户端库用于访问 API。 API 无法控制您的身份验证。它希望您,或者更确切地说是客户端库,向它发送它需要的信息,以便它工作。
重要提示:六个月未使用的刷新令牌也会过期,因此我建议您 运行 您的脚本至少每六个月一次。
我正在玩基于 https://developers.google.com/drive/v3/web/quickstart/python 的 Python 脚本,它工作正常。我可以将简单的文本文件上传到我的云端硬盘帐户。
该页面的代码如下:
# If modifying these scopes, delete your previously saved credentials
# at ~/.credentials/drive-python-quickstart.json
SCOPES = 'https://www.googleapis.com/auth/drive.metadata.readonly'
CLIENT_SECRET_FILE = 'client_secret.json'
APPLICATION_NAME = 'Drive API Python Quickstart'
def get_credentials():
"""Gets valid user credentials from storage.
If nothing has been stored, or if the stored credentials are invalid,
the OAuth2 flow is completed to obtain the new credentials.
Returns:
Credentials, the obtained credential.
"""
home_dir = os.path.expanduser('~')
credential_dir = os.path.join(home_dir, '.credentials')
if not os.path.exists(credential_dir):
os.makedirs(credential_dir)
credential_path = os.path.join(credential_dir,
'drive-python-quickstart.json')
store = Storage(credential_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
flow.user_agent = APPLICATION_NAME
if flags:
credentials = tools.run_flow(flow, store, flags)
else: # Needed only for compatibility with Python 2.6
credentials = tools.run(flow, store)
print('Storing credentials to ' + credential_path)
return credentials
假设脚本执行一次,导致 'drive-python-quickstart.json' 文件被保存为类似这样的内容(当然是 X 替换敏感信息):
{"_module": "oauth2client.client",
"scopes": ["https://www.googleapis.com/auth/drive.file"],
"token_expiry": "2016-11-13T07:15:15Z",
"id_token": null,
"access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"invalid": false,
"token_response": {"access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"},
"client_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com",
"token_info_uri": "https://www.googleapis.com/oauth2/v3/tokeninfo",
"client_secret": "XXXXXXXXXXXXXXXXXXXXXXXX",
"revoke_uri": "https://accounts.google.com/o/oauth2/revoke",
"_class": "OAuth2Credentials",
"refresh_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"user_agent": null}
假设 'drive-python-quickstart.json' 文件始终存在并且可读可写。假设一段时间过去了,脚本在 JSON 值中的 "token_expiry" 键给出的时间之后的某个时间再次执行。是否期望某些东西检测到 Credentials 对象的时间已过期,从而迫使 credentials 对象切换到无效状态,这意味着 credentials.invalid 然后变为 True?或者 "refresh_token" 字段的存在意味着 API 中的内容会自动更新 'drive-python-quickstart.json' 文件,这样 credentials.invalid 总是 returns 是吗?
只要您的刷新令牌正常,Google python 客户端库就会根据需要刷新访问令牌。明确地说,客户端库用于访问 API。 API 无法控制您的身份验证。它希望您,或者更确切地说是客户端库,向它发送它需要的信息,以便它工作。
重要提示:六个月未使用的刷新令牌也会过期,因此我建议您 运行 您的脚本至少每六个月一次。