我在GoogleWebAuthorizationBroker上挣扎了好几天。它在2020年7月14日挂起广告窗口更新,在此之前它运行得很完美。我们的IIS v.10在Windows 10上运行。我们定位到该函数生成挂起:
private async Task<UserCredential> GoogleAuthorize()
{
UserCredential userCredential = null;
using (var stream = new FileStream($@"{_configuration["Documents:Root"]}client_id.json", FileMode.Open, FileAccess.Read))
{
ClientSecrets secrets = GoogleClientSecrets.Load(stream).Secrets;
// This OAuth 2.0 access scope allows for read-only access to the authenticated
// user's account, but not other types of account access.
IEnumerable<string> scopes = new List<string>
{
GmailService.Scope.GmailReadonly,
GmailService.Scope.MailGoogleCom,
GmailService.Scope.GmailModify
};
CancellationTokenSource cts = new CancellationTokenSource();
cts.CancelAfter(TimeSpan.FromSeconds(60));
CancellationToken ct = cts.Token;
FileDataStore file = new FileDataStore(@$"C:Gmail", true);
userCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(secrets, scopes, "username", ct, file);
}
return userCredential;
}
也这样尝试过:
private async Task<UserCredential> GoogleAuthorizationCodeFlow()
{
ClientSecrets secrets = null;
UserCredential credentials = null;
using (FileStream stream = new FileStream($@"{_configuration["Documents:Root"]}client_id.json", FileMode.Open, FileAccess.Read))
{
secrets = GoogleClientSecrets.Load(stream).Secrets;
GoogleAuthorizationCodeFlow.Initializer initailizer = new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = secrets
};
CancellationTokenSource cts = new CancellationTokenSource();
cts.CancelAfter(TimeSpan.FromSeconds(60));
CancellationToken ct = cts.Token;
IEnumerable<string> scopes = new List<string>
{
GmailService.Scope.GmailReadonly,
GmailService.Scope.MailGoogleCom,
GmailService.Scope.GmailModify
};
FileDataStore file = new FileDataStore(@$"C:Gmail", true);
credentials = await GoogleWebAuthorizationBroker.AuthorizeAsync(initailizer, scopes, "username", ct);
}
return await Task.FromResult(credentials);
}
我们还得到了一些日志:拒绝访问路径"C:\Windows\system32\config\systemprofile">
服务gmail引发异常:Google.GoogleApiException:Google.Apis.Requests.RequestError请求缺少所需的身份验证凭据。需要OAuth 2访问令牌、登录cookie或其他有效的身份验证凭据
这些功能在本地机器上工作,但挂在服务器上。
GoogleWebAuthorizationBroker.AuthorizeAsync是为与已安装的应用程序一起使用而设计的。它将在运行它的计算机上打开登录和同意屏幕。这在开发中的计算机上可以正常工作,但在通过IIS托管的情况下,这将不起作用,因为它将尝试在服务器上而不是在用户计算机上打开浏览器窗口。
对于asp.net核心,您需要在依赖注入中添加以下内容
.AddGoogleOpenIdConnect(options =>
{
IConfigurationSection googleAuthSection = Configuration.GetSection("Authentication:Google");
options.ClientId = googleAuthSection["ClientId"];
options.ClientSecret = googleAuthSection["ClientSecret"];
options.Scope.Add(Google.Apis.Calendar.v3.CalendarService.Scope.Calendar);
});
我在这里有一个相关的问题通过asp.net连接到谷歌api核心导致无休止的授权循环