1,作品,2不.
返回的错误是“刷新OAuth2令牌时出错,消息:'{”错误“:”unauthorized_client“,”error_description“:”请求中未经授权的客户端或范围.“}’”
所有3个帐户都在开发者控制台中注册.
所有3个都有权在Google Apps控制台中进行“托管客户端API访问”.
所有3的范围都是“https://www.googleapis.com/auth/drive.readonly”.
所有3个驱动器,都有一个特定的文件夹,共享为“仅查看”.
我正在使用PHP并将一个参数传递给名为“type”的页面,并反映了该帐户的用途,1表示公共,1表示成员,1表示管理员.
例如
http://www.somehost.com/oauth_client.PHP?type=googledrive_admin
p12证书和用户值存储在服务器上.所有“ini”文件都具有相同的值结构,client_id,client_email,范围和查询过滤器.在所有情况下,文件之间唯一更改的项是client_id和client_email.
我的代码如下:
<?PHP include (__DIR__ . "/google-api-PHP-client/autoload.PHP"); google_api_PHP_client_autoload("Google_Auth_AssertionCredentials"); google_api_PHP_client_autoload("Google_Client"); google_api_PHP_client_autoload("Google_Service_Drive"); google_api_PHP_client_autoload("Google_Service_OAuth2"); $type = $_GET['type']; $path = __DIR__ . "/secure/"; $certificate = $path . $type . ".p12"; $ini_path = $path . $type . ".ini"; $ini = parse_ini_file($ini_path); $service_scope = $ini['scope']; $service_account_id = $ini['id']; $service_account_email = $ini['email']; $service_query = $ini['q']; $service_account_key = file_get_contents($certificate); $credentials = new Google_Auth_AssertionCredentials( $service_account_email,array($service_scope),$service_account_key ); $credentials -> sub = $service_account_email; $google_client = new Google_Client(); $google_client -> setAssertionCredentials($credentials); if ($google_client -> getAuth() -> isAccessTokenExpired()) { $google_client -> getAuth() -> refreshTokenWithAssertion(); **//FAILS HERE** } $drive = new Google_Service_Drive($google_client); $result = array(); $pageToken = NULL; do { try { $parameters = array(); if ($pageToken) { $parameters['pageToken'] = $pageToken; } $parameters['q'] = $service_query; $files = $drive -> files -> listFiles($parameters); $result = array_merge($result,$files -> getItems()); $pageToken = $files -> getNextPageToken(); } catch (Exception $e) { print "An error occurred: " . $e -> getMessage(); $pageToken = NULL; } } while ($pageToken); echo json_encode($result) . "\n"; ?>
每个ini文件的结构如下
id="35{code}.apps.googleusercontent.com" email="35{code}@developer.gserviceaccount.com" scope="https://www.googleapis.com/auth/drive.readonly" q="mimeType != 'application/vnd.google-apps.folder'"
我无法解决的问题是,当我为所有这些帐户完成相同的过程时,为什么这适用于一个服务帐户而不适用于其他服务帐户.任何想法和帮助表示赞赏.