当前位置: 文江博客话题详情

gdata-python-api +通过简单的身份验证进行分析

发布于 2024-11-05 19:26:10 字数 667 浏览 0 评论 0原文

我正在努力将使用 Google gdata API 客户端 + 用户/通行证身份验证的 Python 脚本转换为更适合生产的内容(API 密钥)。我对他们的身份验证文档的混乱状态感到非常沮丧。诚然,我对 OAuth2 没有很好的掌握,但对于我的使用案例来说,它似乎要复杂得多,即:每 24 小时访问一次 Google Analytics,以获取我们网站上最流行的 X 篇文章。

在这种情况下,我们不会修改某人的个人数据,所有活动都集中在一个帐户上。看起来 OAuth2 不值得为了如此简单的事情而变得复杂。

我在 Google API 控制台 (https://code.google.com/apis/console/) 上看到,我已在那里注册,并注意到有一个“简单 API 访问”部分,其中“客户端 ID”下方有一个键Web 应用程序”(似乎是 OAuth2)。还有 Google 域更新页面 https://www.google.com/accounts/UpdateDomain,但这似乎与 OAuth 相关。

有没有办法使用这个简单 API 访问密钥(不是 OAuth)通过 Python gdata 客户端检索分析数据,如果是这样,有人有任何身份验证示例吗?经过身份验证后,我已经有了数据检索功能,但我使用的是用户/通行证方法,这不适合生产。

原文

I'm working on converting a Python script using the Google gdata API client + user/pass authentication to something more suitable for production (an API key). I am pretty frustrated with the muddled state of their documentation on authentication. I admittedly don't have a great grasp of OAuth2, but it seems like it's way more complicated for my usage case, which is: Hit Google Analytics every 24 hours to get the X most popular articles on our site.

In this scenario, we're not dealing with modifying someone's personal data, and all activity is centered on one account. It doesn't seem like OAuth2 is worth the complexity for something so simple.

I see that on the Google API Console (https://code.google.com/apis/console/), I've registered there and notice that there's a "Simple API Access" section with one key beneath the "Client ID for web applications" (which appears to be OAuth2). There's also the Google domain update page, https://www.google.com/accounts/UpdateDomain, but that appears to be OAuth related.

Is there any way to use this Simple API Access key (not OAuth) for retrieving analytics data with the Python gdata client, and if so, does anyone have any authentication examples? I already have the data retrieval stuff working once authenticated, but I'm using the user/pass approach, which is not appropriate for production.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

隐诗 2024-11-12 19:26:10

Greg,

如果您已经在使用库 gdata-python-client,那么这是相对的如果您是您的应用程序将授权的唯一用户,那么这很容易做到。

9 月份的博文详细介绍了一般机制, 2011 年,但为了完整起见,我将在这里描述它们。

第 1 部分:转到 API 控制台并启动一个新项目。

第 2 部分:从项目中,转到“服务”并启用“Analytics API”

第 3 部分:从项目中,转到“API 访问”,然后单击“创建OAuth 2.0 客户端 ID...”(您需要提供产品名称,但您提供的值并不重要)。当询问应用程序类型时,选择“已安装的应用程序”,然后选择“创建客户端 ID”。由于您将是唯一的用户,因此您只需要一个刷新令牌,并且可以通过从桌面应用程序进行一次授权来获取此令牌。

第 4 部分:从 API 控制台获取您的客户端 ID 和客户端密钥,然后创建一个空令牌:

import gdata.gauth

CLIENT_ID = 'id-from-apis-console'
CLIENT_SECRET = 'secret-from-apis-console'
SCOPE = 'https://www.google.com/analytics/feeds/'  # Default scope for analytics

token = gdata.gauth.OAuth2Token(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET, 
    scope=SCOPE,
    user_agent='application-name-goes-here')

我从 GData 常见问题解答,尽管我不确定它是否正确。

第 5 部分:使用令牌创建授权 URL 供您访问:

url = token.generate_authorize_url(redirect_uri='urn:ietf:wg:oauth:2.0:oob')

由于您的应用程序是“已安装的应用程序”,因此您的重定向 URI 是默认的 'urn:ietf:wg:oauth: 2.0:oob'。 (另请注意,该博文有一个拼写错误,并使用了关键字参数 redirect_url。)

第 6 部分:访问该 URL 并授权您的应用程序代表您的帐户发出请求。授权后,您将被重定向到带有代码的页面。此代码将用于交换访问令牌和长期刷新令牌。代码的有效期为 10 分钟,访问令牌的有效期为 1 小时。刷新令牌将允许您永久获取新的访问令牌来签署请求(或者直到您撤销帐户的权限为止)。

第 7 部分:使用代码获取访问令牌:

code = 'random-string-from-redirected-page'
token.get_access_token(code)  # This returns the token, but also changes the state

这又与博客文章略有不同,因为我们使用的是已安装的应用程序。

第 8 部分:使用令牌,您现在可以向分析客户端发出您想要的所有请求:

import gdata.analytics.client

client = gdata.analytics.client.AnalyticsClient()
token.authorize(client)

这就是这里的大钱。当访问令牌过期时,使用该令牌签名的 API 请求将被拒绝。但是,通过如上所述对客户端进行授权,当所述请求失败时,令牌会尝试使用刷新令牌来获取新的访问令牌。如果成功获取新的访问令牌,客户端将重新发送使用新访问令牌签名的原始 API 请求。

我对 Analytics API 一无所知,因此我不会提供更多详细信息。

将来使用注意事项1:保存信息以供将来使用。您可以从不同的地方重复使用它,并且在使用之后非常容易。库提供了名为 token_to_blobtoken_from_blob 的方法,允许将令牌转换为字符串并从字符串中转换出来:

saved_blob_string = gdata.gauth.token_to_blob(token)

完成此操作后,您可以存储文件中的字符串并终止正在运行的 Python 进程。当您想再次使用它时:

saved_blob_string = retrieve_string_from_file()  # You'll need to implement this
token = gdata.gauth.token_from_blob(saved_blob_string)

未来使用注意事项 2:只要您刷新,此令牌将能够用于授权客户端并一次又一次地执行您的所有魔法周围的令牌。如果由于某种原因您想在不调用 token.generate_authorize_url 的情况下再次获取访问令牌,则需要在对象上手动设置:

token.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'

未来使用注意事项 3:此外,如果您丢失了刷新令牌,并且想获取另一个刷新令牌,而无需前往浏览器撤销原始令牌,您可以使用 approval_prompt 参数通过访问以下生成的 url 来获取新的刷新令牌:

url = token.generate_authorize_url(
    redirect_uri='urn:ietf:wg:oauth:2.0:oob',
    approval_prompt='force')

Greg,

If you are already using the library gdata-python-client, this is relatively easy to do if you are the only user that your application will be authorizing.

The general mechanisms were detailed in a blog post in September, 2011, but I'll describe them here for completeness.

Part 1: Go to the APIs console and start a new project.

Part 2: From the project, go to "Services" and enable "Analytics API"

Part 3: From the project, go to "API Access" and click "Create an OAuth 2.0 client ID..." (you'll need to provide a product name, though the value you provide won't matter). When asked for the application type, select "Installed Application" and then "Create client ID". Since you will be the only user, you will only need one refresh token, and you can get this by authorizing from a desktop application a single time.

Part 4: Get your client id and client secret from the APIs console and then create an empty token:

import gdata.gauth

CLIENT_ID = 'id-from-apis-console'
CLIENT_SECRET = 'secret-from-apis-console'
SCOPE = 'https://www.google.com/analytics/feeds/'  # Default scope for analytics

token = gdata.gauth.OAuth2Token(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET, 
    scope=SCOPE,
    user_agent='application-name-goes-here')

I got the scope from GData FAQ, though I'm not sure if it is correct.

Part 5: Use the token to create authorization URL for you to visit:

url = token.generate_authorize_url(redirect_uri='urn:ietf:wg:oauth:2.0:oob')

Since your application is an "Installed Application", your redirect URI is the default 'urn:ietf:wg:oauth:2.0:oob'. (Also note, the blog post had a typo and used the keyword argument redirect_url.)

Part 6: Visit the url and authorize your application to make requests on behalf of your account. After authorizing, you'll be redirected to a page with a code on it. This code will be used to exchange for an access token and a long-lived refresh token. The code has a life of 10 minutes and the access token has a life of an hour. The refresh token will allow you to get new access tokens for signing requests in perpetuity (or until you revoke the permission from your account).

Part 7: Use the code to get an access token:

code = 'random-string-from-redirected-page'
token.get_access_token(code)  # This returns the token, but also changes the state

This again differs slightly from the blog post, because we are using an installed application.

Part 8: With the token you can now make all requests you want to make to the analytics client:

import gdata.analytics.client

client = gdata.analytics.client.AnalyticsClient()
token.authorize(client)

This is the big money right here. When an access token expires, the API requests signed with that token are rejected. However, by authorizing the client as above, when the said requests fail, the token attempts to use the refresh token to obtain a new access token. If it successfully obtains a new access token, the client resends the original API request, signed with the new access token.

I don't know anything about the Analytics API so I won't provide any more details there.

Future Use Note 1: Saving information for future use. You can re-use this from different places and after this use very easily. There are methods called token_to_blob and token_from_blob provided by the library that allow turning a token into a string and converting out of a string:

saved_blob_string = gdata.gauth.token_to_blob(token)

Once you have done this, you can store the string in a file and kill your running Python process. When you'd like to use it again:

saved_blob_string = retrieve_string_from_file()  # You'll need to implement this
token = gdata.gauth.token_from_blob(saved_blob_string)

Future Use Note 2: This token will be able to be used to authorize a client and perform all your magic again and again, so long as you have the refresh token around. If for some reason you would like to get an access token again without calling token.generate_authorize_url, you'll need to manually set this on the object:

token.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'

Future Use Note 3: Also, if you lose your refresh token and would like to get another one without having to go to the browser to revoke the original, you can use the approval_prompt parameter to get a new refresh token by visiting the url generated by:

url = token.generate_authorize_url(
    redirect_uri='urn:ietf:wg:oauth:2.0:oob',
    approval_prompt='force')
回复 原文
~没有更多了~

关于作者

一向肩并

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

lorenzathorton8

文章 0 评论 0

Zero

文章 0 评论 0

萧瑟寒风

文章 0 评论 0

mylayout

文章 0 评论 0

tkewei

文章 0 评论 0

17818769742

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文