如何在.net中使用ServiceAccount使用Google OAuth2

本文关键字：ServiceAccount 使用 Google OAuth2 net | 更新日期: 2023-09-27 18:11:55

是否有任何示例如何使用。net中的服务帐户访问谷歌服务API ?

private const string SERVICE_ACCOUNT_EMAIL = "xxxxxxxxxxx@developer.gserviceaccount.com";
private const string SERVICE_ACCOUNT_PKCS12_FILE_PATH = @"'path'test-privatekey.p12";
static DriveService BuildService() 
{
    X509Certificate2 certificate = new X509Certificate2(SERVICE_ACCOUNT_PKCS12_FILE_PATH, "notasecret",
    X509KeyStorageFlags.Exportable);
    var provider = new AssertionFlowClient(GoogleAuthenticationServer.Description, certificate)
    {
        ServiceAccountId = SERVICE_ACCOUNT_EMAIL,
        Scope = DriveService.Scopes.Drive.GetStringValue(),
    };
    var auth = new OAuth2Authenticator<AssertionFlowClient>(provider, AssertionFlowClient.GetState);
    return new DriveService((new BaseClientService.Initializer()
    {
        Authenticator = auth
    });
}

返回OAuth连接不成功。如何做到这一点?

创建服务帐户密钥凭据
创建服务私钥。(关键json)。例子:

    {
      "type": "service_account",
      "project_id": "...",
      "private_key_id": "....",
      "private_key": "....",
      "client_email": ".....@developer.gserviceaccount.com",
      "client_id": "....",
      "auth_uri": "...accounts.google.com/o/oauth2/auth",
      "token_uri": "...accounts.google.com/o/oauth2/token",
      "auth_provider_x509_cert_url": "...www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "...www.googleapis.com/robot/v1/metadata/x509/....-compute%40developer.gserviceaccount.com"
    }

使用这个json，你必须生成一个c#类。您可以使用(http://json2csharp.com/)。这个更快

使用此代码生成凭据:

       var _pathJson = @"C:'servicekey.json";
       var json = File.ReadAllText(_pathJson);
       var cr = JsonConvert.DeserializeObject<PersonalServiceAccountCred>(json); 
       // "personal" service account credential
       // Create an explicit ServiceAccountCredential credential
       var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(cr.ClientEmail)
                {
                    Scopes = new[] { YouTubeService.Scope.YoutubeUpload /*Here put scope that you want use*/}
                }.FromPrivateKey(cr.PrivateKey));

本案例适用于我的网站

var certificate = new X509Certificate2("pathTo***.p12", "notasecret", X509KeyStorageFlags.Exportable);
        var serviceAccountEmail = "********-*********@developer.gserviceaccount.com";
        var userAccountEmail = "******@gmail.com";
        ServiceAccountCredential credential = new ServiceAccountCredential(
                   new ServiceAccountCredential.Initializer(serviceAccountEmail)
                   {
                       Scopes = new[] { DriveService.Scope.Drive },
                       User = userAccountEmail
                   }.FromCertificate(certificate));
        // Create the service.
        var service = new DriveService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "*****",
        });