Google最近开始为我们提供一个服务帐户的Json密钥文件,而不是P12密钥文件。 我一直在努力得到这个,那里没有很多信息,我看到的信息说这应该有效。
string[] scopes = new string[] { DriveService.Scope.Drive};
Stream stream = new FileStream(jsonKeyFilePath, FileMode.Open, FileAccess.Read, FileShare.Read);
var credential = GoogleCredential.FromStream(stream).CreateScoped(scopes);
但是,它抛出以下异常
从 JSON 创建凭据时出错。无法识别的凭据类型 。
我已经仔细检查了下载的两个不同的 json 密钥文件,试图让它什么都没用。
我认为您使用的是从Firebase下载的文件google-services.json。这不是您需要的文件。您必须做的流程是:
- 转到 Firebase 控制台
- 点击设置
- 单击项目设置
- 点击服务帐户
- 单击"生成新的私钥"按钮
- 使用此方法生成的文件。
我下载了一个服务帐户 json 密钥文件并尝试了相同的代码,它工作正常。如果我手动损坏了 json 密钥文件中的"类型"字段,我能够复制该问题。是否可以重新下载 json 密钥文件,然后重试。以下是 json 密钥文件的外观(已删除敏感数据):
{
"type": "service_account",
"project_id": ...,
"private_key_id": ...,
"private_key": ...,
"client_email": ...,
"client_id": ...,
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": ...
}
以下代码用于使用旧 json 文件或 .p12 文件进行身份验证。
public static class ServiceAccountExample
{
/// <summary>
/// Authenticating to Google using a Service account
/// Documentation: https://developers.google.com/accounts/docs/OAuth2#serviceaccount
/// </summary>
/// <param name="serviceAccountEmail">From Google Developer console https://console.developers.google.com</param>
/// <param name="serviceAccountCredentialFilePath">Location of the .p12 or Json Service account key file downloaded from Google Developer console https://console.developers.google.com</param>
/// <returns>AnalyticsService used to make requests against the Analytics API</returns>
public static CalendarService AuthenticateServiceAccount(string serviceAccountEmail, string serviceAccountCredentialFilePath, string[] scopes)
{
try
{
if (string.IsNullOrEmpty(serviceAccountCredentialFilePath))
throw new Exception("Path to the service account credentials file is required.");
if (!File.Exists(serviceAccountCredentialFilePath))
throw new Exception("The service account credentials file does not exist at: " + serviceAccountCredentialFilePath);
if (string.IsNullOrEmpty(serviceAccountEmail))
throw new Exception("ServiceAccountEmail is required.");
// For Json file
if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".json")
{
GoogleCredential credential;
using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential.FromStream(stream)
.CreateScoped(scopes);
}
// Create the Analytics service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Service account Authentication Sample",
});
}
else if (Path.GetExtension(serviceAccountCredentialFilePath).ToLower() == ".p12")
{ // If its a P12 file
var certificate = new X509Certificate2(serviceAccountCredentialFilePath, "notasecret", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes
}.FromCertificate(certificate));
// Create the Calendar service.
return new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Calendar Authentication Sample",
});
}
else
{
throw new Exception("Unsupported Service accounts credentials.");
}
}
catch (Exception ex)
{
throw new Exception("CreateServiceAccountCalendarFailed", ex);
}
}
}
}
从服务帐户中翻录的代码.cs
我认为您首先需要反序列化流,至少我在以下位置找到的: https://github.com/google/google-api-dotnet-client/blob/a5288c4493a12791b46f7142efacb83c4fcacf58/Src/Support/GoogleApis.Auth.PlatformServices_Shared/OAuth2/DefaultCredentialProvider.cs#L169
尝试一下,让我们知道。是的,我们需要改进文档,但让我们先找到问题,然后我将在 GitHub 中打开一个新问题,其中包含特定请求。