Google 使用 OAuth2 身份验证解决来自 JavaScript 客户端的 API 问题
现在已经为此苦苦挣扎了好几个小时,文档似乎很糟糕。基本上,我尝试使用 Portable 获取对 OAuth2 身份验证用户联系人的读取权限通讯录 API 或完整的通讯录 API。 Google 最近开始允许 OAuth2。
我可以通过联系人 API 访问用户联系人,方法是首先让用户使用以下范围进行身份验证:“https://www.google.com/m8/feeds”。然后我可以使用 jQuery 检索他们的前 25 个联系人(显示的代码为 CoffeeScript),
$.ajax
url: "https://www.google.com/m8/feeds/contacts/default/full"
dataType: 'jsonp'
data: { access_token: token, alt: 'json-in-script' }
success: (data, status) ->
console.log "The returned data", data
这样就可以了,并且我得到了 JSON 数据。然而,几乎令人难以置信的是,Google 提供的唯一联系人顺序(据我所知)是 '
这恰好是 Google Portable Contacts API 可以做到的事情 , (耶!)。当然,我似乎无法成功请求工作。
首先,我让用户通过单击此链接(注意范围:“https://www-opensocial.googleusercontent.com/api/people”)使用便携式联系人 API 进行身份验证,
<a href="https://accounts.google.com/o/oauth2/authclient_id=457681297736.apps.googleusercontent.com&response_type=token&redirect_uri=http://localhost:3000/team&scope=https://www-opensocial.googleusercontent.com/api/people">Import Google Contacts</a>
效果很好,并且我获得了访问令牌过去了。
接下来,我尝试向便携式联系人 API 发送 ajax 请求,
$.ajax
url: "https://www-opensocial.googleusercontent.com/api/people/@me/@all"
dataType: 'jsonp'
data: { access_token: token, alt: 'json-in-script' }
success: (data, status) ->
console.log "The returned data", data
但这会返回 403 错误
403 (The currently logged in user and/or the gadget requesting data, does not have access to people data.
你知道我做错了什么吗?
附录
我在 Google OAuth2 论坛中发现了此错误报告,其中建议我们需要设置一个使用便携式联系人 API 时的授权标头。所以我尝试了这样的操作:
$.ajax
url: "https://www-opensocial.googleusercontent.com/api/people/@me/@all"
dataType: 'jsonp'
data: { access_token: token, alt: 'json-in-script' }
beforeSend: (xhr) ->
xhr.setRequestHeader "Authorization", "OAuth #{token}"
data: { access_token: token }
success: (data, status) ->
console.log "The returned data", data
但这给我带来了同样的 403 错误:
403 (The currently logged in user and/or the gadget requesting data, does not have access to people data
Been wrestling with this for many hours now, the Docs seem to be terrible. Basically I'm trying to get read access to an OAuth2 authenticated users contacts, using either the Portable Contacts API or the full blown Contacts API. Google have recently started allowing OAuth2.
I can get access to a users contacts via the Contacts API by first getting the user to authenticate with the scope: "https://www.google.com/m8/feeds". Then I can retrieve their first 25 contacts using jQuery (code shown is CoffeeScript)
$.ajax
url: "https://www.google.com/m8/feeds/contacts/default/full"
dataType: 'jsonp'
data: { access_token: token, alt: 'json-in-script' }
success: (data, status) ->
console.log "The returned data", data
That works, and I get JSON data. However, almost unbelievably, the only contacts order that Google provides (as far as I can tell) is 'lastmodified' (seriously wtf?). I need something more like 'top friends' or 'most popular'.
Which, happens to be something that the Google Portable Contacts API can do, (Yay!). Of course, I can't seem to get a successful request to work.
First, I get the user to authenticate with the portable contacts API by clicking this link (note the scope: "https://www-opensocial.googleusercontent.com/api/people")
<a href="https://accounts.google.com/o/oauth2/authclient_id=457681297736.apps.googleusercontent.com&response_type=token&redirect_uri=http://localhost:3000/team&scope=https://www-opensocial.googleusercontent.com/api/people">Import Google Contacts</a>
That works fine, and I get an access token passed back.
Next I try to send an ajax request to the portable contacts API
$.ajax
url: "https://www-opensocial.googleusercontent.com/api/people/@me/@all"
dataType: 'jsonp'
data: { access_token: token, alt: 'json-in-script' }
success: (data, status) ->
console.log "The returned data", data
But that returns a 403 Error
403 (The currently logged in user and/or the gadget requesting data, does not have access to people data.
Any ideas what I'm doing wrong?
Appendix
I found this bug report in the Google OAuth2 forum which advised that we need to set an authorization header when working with the Portable Contacts API. So I tried that like this:
$.ajax
url: "https://www-opensocial.googleusercontent.com/api/people/@me/@all"
dataType: 'jsonp'
data: { access_token: token, alt: 'json-in-script' }
beforeSend: (xhr) ->
xhr.setRequestHeader "Authorization", "OAuth #{token}"
data: { access_token: token }
success: (data, status) ->
console.log "The returned data", data
But that gets me the same 403 error:
403 (The currently logged in user and/or the gadget requesting data, does not have access to people data
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
问题是您显然无法在 JSONP 请求上设置请求标头。有关详细信息,请参阅此问题的答案。
据我所知,替代方案是:
谷歌不应该这么难。
The problem is that you apparently can't set a request header on a JSONP request. See the answer on this question for more information.
The alternatives as far as I can see are:
It shouldn't be this difficult Google.