更新时间:2023-01-09 14:34:53
@David的答案使我走上了正确的轨道,但是在使用服务帐户时遇到了一些问题.
@David answer got me on the right track, but I had some problems with using a service account.
我决定使用服务帐户和模拟API,请注意,这将为您的应用程序提供非常高的访问权限,并显着提高安全性!
I decided to use service account and impersonation API, beware that this gives a very high level of access to your applicaiton and raises the security bar consideably!
无论如何,这是您需要做的:
Anyways, here is what you need to do:
按照本教程进行操作,但是当设置凭据创建服务帐户
Follow this tutorial, but when setting up credentials create a service account
这是页面的重要内容:
(...),您可以在开发人员中自行激活Admin SDK 通过执行以下操作进行控制台:
(...) you can activate the Admin SDK yourself in the Developers Console by doing the following:
如果还没有这样做,请通过以下方式创建OAuth 2.0凭据: 点击OAuth标题下的创建新的客户端ID.接下来,寻找 您的应用程序的客户ID和客户机密在相关表中 您也可以从此页面创建和编辑重定向URI.
If you haven't done so already, create your OAuth 2.0 credentials by clicking Create new Client ID under the OAuth heading. Next, look for your application's client ID and client secret in the relevant table You may also create and edit redirect URIs from this page.
请注意,您需要在第5步中提供Client ID
而不是Email Address
.
Please note that you'll need to provide Client ID
not Email Address
in step 5.
请参见范围列表.
安装google-api-python-client,将PyCrypto设置为PyOpenSSL(您可以省略PyOpenSSL),但是随后您需要转换下载的证书.
Install google-api-python-client, PyCrypto an PyOpenSSL (you may omit PyOpenSSL), but then you'll need to convert downloaded certificate.
with open('private/key-filename.p12', 'rb') as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(
'user-email-@developer.gserviceaccount.com', # Email address [1]
private_key,
'https://www.googleapis.com/auth/admin.directory.user',
sub="impersonated-user@foo.bar" # Impersonate user [2])
Email Address
of Service account (this is different from Client ID) in step 5.现在,您应该具有对API的读写帐户.
Now you should have read-write account to your API.