我正在进行一个项目,根据https://12factor.net/config,我们在代码中不使用凭据,而是使用环境变量。
我正在研究使用Google Sheets API来整理我们数据库中的一些数据,并将其放入Google sheet中。以下是中的部分示例脚本https://developers.google.com/sheets/api/quickstart/python:
from __future__ import print_function
from apiclient.discovery import build
from httplib2 import Http
from oauth2client import file as oauth_file, client, tools
# Setup the Sheets API
SCOPES = 'https://www.googleapis.com/auth/spreadsheets.readonly'
store = oauth_file.Storage('token.json')
creds = store.get()
if not creds or creds.invalid:
flow = client.flow_from_clientsecrets('credentials.json', SCOPES)
creds = tools.run_flow(flow, store)
service = build('sheets', 'v4', http=creds.authorize(Http()))
首先,我从文档中不清楚'token.json'和'credentials.json'在这个例子中应该是什么。在API控制台的Credentials选项卡中,我下载了一个client_secret_<long suffix>.json,如下所示:
{"installed":{"client_id":"[our_client_id]","project_id":"nps-survey-1532981793379","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"[our_client_secret]","redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}}
这个JSON文件应该是本例中的'token.json',还是'credentials.json'?此外,是否有一种方法可以通过直接指定客户端机密和客户端ID来实例化有效的creds,而不使用此JSON文件?
我最终完成了web应用程序(而不是已安装的应用程序(的OAuth 2.0设置,并使用了google_auth_oauthlib。Flow对象有一个类方法from_client_config(),可以这样使用(参见。https://developers.google.com/identity/protocols/OAuth2WebServer):
from django.conf import settings
from django.shortcuts import redirect
import google.oauth2.credentials
import google_auth_oauthlib.flow
# Client configuration for an OAuth 2.0 web server application
# (cf. https://developers.google.com/identity/protocols/OAuth2WebServer)
CLIENT_CONFIG = {'web': {
'client_id': settings.GOOGLE_CLIENT_ID,
'project_id': settings.GOOGLE_PROJECT_ID,
'auth_uri': 'https://accounts.google.com/o/oauth2/auth',
'token_uri': 'https://www.googleapis.com/oauth2/v3/token',
'auth_provider_x509_cert_url': 'https://www.googleapis.com/oauth2/v1/certs',
'client_secret': settings.GOOGLE_CLIENT_SECRET,
'redirect_uris': settings.GOOGLE_REDIRECT_URIS,
'javascript_origins': settings.GOOGLE_JAVASCRIPT_ORIGINS}}
# This scope will allow the application to manage your calendars
SCOPES = ['https://www.googleapis.com/auth/calendar']
def get_authorization_url():
# Use the information in the client_secret.json to identify
# the application requesting authorization.
flow = google_auth_oauthlib.flow.Flow.from_client_config(
client_config=CLIENT_CONFIG,
scopes=SCOPES)
# Indicate where the API server will redirect the user after the user completes
# the authorization flow. The redirect URI is required.
flow.redirect_uri = 'http://localhost:8000'
# Generate URL for request to Google's OAuth 2.0 server.
# Use kwargs to set optional request parameters.
authorization_url, state = flow.authorization_url(
# Enable offline access so that you can refresh an access token without
# re-prompting the user for permission. Recommended for web server apps.
access_type='offline',
# Enable incremental authorization. Recommended as a best practice.
include_granted_scopes='true')
return authorization_url, state
settings属性依次通过为每个相应的属性调用os.getenv()来生成。通过这种方式,可以从环境变量而不是本地文件中获取配置。