我遇到了SignedJwtAssertionCredentials的问题。 这篇文章已经报道了这个问题:got 'invalid_grant' in oauth2 SignedJwtAssertionCredentials 但那个解决方案对我不起作用。 这里简要介绍一下我的代码:
SERVICE_ACCOUNT_EMAIL = 'xxx.apps.googleusercontent.com'
SERVICE_ACCOUNT_PEM_FILE_PATH = 'privatekey.pem'
SCOPES = ['https://www.googleapis.com/auth/drive.metadata.readonly',
'https://www.googleapis.com/auth/drive.readonly',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/admin.directory.user']
def get_drive_service_for_user(user_email):
f = file(SERVICE_ACCOUNT_PEM_FILE_PATH, 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
SERVICE_ACCOUNT_EMAIL,
key,
scope=SCOPES,
sub=user_email)
http = httplib2.Http()
http = credentials.authorize(http)
return build('drive', 'v2', http=http)
这是日志:
Refreshing access_token
I 09:08:54.911 Failed to retrieve access token: {
"error" : "access_denied",
"error_description" : "Requested client not authorized."
}
E 09:08:54.911 access_denied
Traceback (most recent call last):
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-
2.3/webapp2.py", line 1511, in __call__
rv = self.handle_exception(request, response, e)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-
2.3/webapp2.py", line 1505, in __call__
rv = self.router.dispatch(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-
2.3/webapp2.py", line 1253, in default_dispatcher
return route.handler_adapter(request, response)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-
2.3/webapp2.py", line 1077, in __call__
return handler.dispatch()
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-
2.3/webapp2.py", line 547, in dispatch
return self.handle_exception(e, self.app.debug)
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-
2.3/webapp2.py", line 545, in dispatch
return method(*args, **kwargs)
File "/base/data/home/apps/s~docs-script/1.378398783184725654/source/handlers.py", line 15, in
get
f_list = service.get_ousiders_files()
File "/base/data/home/apps/s~docs-script/1.378398783184725654/source/service.py", line 10, in
get_ousiders_files
service = get_drive_service_for_user('fat.controller@steam2.com')
File "/base/data/home/apps/s~docs-script/1.378398783184725654/source/auth.py", line 102, in
get_drive_service_for_user
return build('drive', 'v2', http=authorized_http)
File "/base/data/home/apps/s~docs-script/1.378398783184725654/apiclient/discovery.py", line 175,
in build
resp, content = http.request(requested_url)
File "/base/data/home/apps/s~docs-script/1.378398783184725654/oauth2client/util.py", line 132, in
positional_wrapper
return wrapped(*args, **kwargs)
File "/base/data/home/apps/s~docs-script/1.378398783184725654/oauth2client/client.py", line 475,
in new_request
self._refresh(request_orig)
File "/base/data/home/apps/s~docs-script/1.378398783184725654/oauth2client/client.py", line 653,
in _refresh
self._do_refresh_request(http_request)
File "/base/data/home/apps/s~docs-script/1.378398783184725654/oauth2client/client.py", line 710,
in _do_refresh_request
raise AccessTokenRefreshError(error_msg)
AccessTokenRefreshError: access_denied
我按照本指南设置了所有域范围的授权:https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account
感谢您的帮助