oauth 2.0 - Google OAuth2 Service Accounts API Authorization -
i'm trying authenticate server app through google's service account authentication but, reason, not pushing through.
in api console, created project, enabled service need (admin sdk), , created service account , web application api access.
when use web application access credentials able authenticate , retrieve user records. using service account authentication keep giving me login required message.
"error": { "errors": [ { "domain": "global", "reason": "required", "message": "login required", "locationtype": "header", "location": "authorization" } ], "code": 401, "message": "login required" }
i forgot add, testing php client library.
public function init() { $client = new google_client(); if (isset($_session['access_token'])) { $client->setaccesstoken($_session['access_token']); } $key = file_get_contents(app::service_key_file); $client->setassertioncredentials(new google_assertioncredentials( app::service_account_name, app::service_api_scopes, $key) ); $client->setclientid(app::service_client_id); debug($client, 'client'); if ($client->getaccesstoken()) { $this->access_token = $_session['access_token'] = $client->getaccesstoken(); debug($_session['access_token'], 'token'); } else { debug('no token'); } $this->client = $client; }
as can see, code same google example. missing step?
one last thing, when authenticate using web app access service account script, service account script can pick web app script's session , push through user record retrievals. mean admin sdk api explicitly needs user interaction through web app authentication?
instead of service account, instead opted use installed applications api access.
this ruby gem helped figure out - https://github.com/evendis/gmail_cli
playing on console , followed authorization steps in readme, , found installed applications more simple when doing server admin apps.
being newb, think missed important part refresh token plays in entire process. going via installed application approach helped me figure out.
my config file contains client id, client secret, api scope, redirect uri, authorization code, , refresh token; initialization code looks like:
public function init() { $client = new google_client(); $client->setclientid(app::client_id); $client->setclientsecret(app::client_secret); $client->setscopes(app::api_scopes); $client->setredirecturi(app::redirect_uri); if (!$client->getaccesstoken()) { $client->refreshtoken(app::refresh_token); } $this->access_token = $client->getaccesstoken(); $this->client = $client; }
Comments
Post a Comment