谷歌身份验证器 api

This article explains how to use the Google Developers Console to authenticate to any of the Google APIs.

本文介绍了如何使用Google Developers Console对任何Google API进行身份验证。

The Developers Console can be complicated to get right, and it’s one of the reasons I sometimes have resistance into using one of the Google APIs.

开发人员控制台可能很难正确设置，这也是我有时对使用一种Google API有所抵触的原因之一。

Let’s see how that works, in a very simple way.

让我们以一种非常简单的方式看看它是如何工作的。

This guide assumes you already have a Google account.

本指南假定您已经有一个Google帐户。

• Create a new Google API Project

  创建一个新的Google API项目

• Create the Authentication Credentials

  创建身份验证凭证

• Service to Service API

  服务到服务API

• Using the JSON Key File

  使用JSON密钥文件

• Use environment variables

  使用环境变量

• Access other APIs

  访问其他API

创建一个新的Google API项目 (Create a new Google API Project)

Create a new project, if you haven’t done it yet.

如果尚未完成，请创建一个新项目。

From the dashboard click Create a new project.

在仪表板上，单击“ 创建新项目” 。

Give it a name, and you’ll be redirected to the project dashboard:

给它起一个名字，您将被重定向到项目仪表板：

Add an API by clicking Enable APIs and services.

通过单击“ 启用API和服务”来添加API。

From the list, search the API you’re interested in

从列表中搜索您感兴趣的API

and enable it

并启用它

That’s it!

而已！

The project is now ready, you can go on and create the authentication credentials.

现在该项目已准备就绪，您可以继续创建身份验证凭据。

创建身份验证凭证 (Create the Authentication Credentials)

There are 3 ways to authenticate with the Google APIs:

有3种通过Google API进行身份验证的方法：

• OAuth 2

  OAuth 2

• Service to Service

  服务到服务

• API key

  API密钥

API key is less secure and restricted in scope and usage by Google.

API密钥的安全性较差，并且受到Google范围和用途的限制。

OAuth 2 is meant to let your app make requests on behalf of a user, and as such the process is more complicated than needed, and requires exposing URLs to handle callbacks. Way too complex for simple uses.

OAuth 2旨在让您的应用代表用户发出请求，因此该过程比所需的更为复杂，并且需要公开URL来处理回调。 对于简单的用途来说太复杂了。

In a Service to Service authentication model, the application directly talks to the Google API, using a service account, by using a JSON Web Token.

在“服务到服务”身份验证模型中，应用程序通过服务帐户和JSON Web令牌直接与Google API对话。

This is the simplest method, especially if you’re building a prototype or an application that talks from your server (like a Node.js app) to the Google APIs. This is the one method I’ll talk about for the test of the article.

这是最简单的方法，尤其是当您正在构建从服务器(例如Node.js应用程序)与Google API通信的原型或应用程序时。 这是我将要测试本文的一种方法。

服务到服务API (Service to Service API)

To use this method you need to first generate a JSON Key File through the Google Developers Console.

要使用此方法，您需要首先通过Google Developers Console生成JSON密钥文件 。

There is another option which involves downloading a .p12 file and then converting it to a pem file using the openssl command. It’s no longer recommended by Google, just use JSON.

还有另一个选项，涉及下载.p12文件，然后使用openssl命令将其转换为pem文件。 Google不再建议使用JSON 。

From a project dashboard, click Create credentials, and choose Service Account Key:

在项目仪表板上，单击创建凭证 ，然后选择服务帐户密钥 ：

Fill the form and choose a “JSON” key type:

填写表单，然后选择“ JSON”密钥类型：

That’s it! Google sent you a JSON file:

而已！ Google向您发送了一个JSON文件：

This is the content of this JSON file, called JSON Key File:

这是此JSON文件的内容，称为JSON密钥文件 ：

{"type": "service_account","project_id": "...","private_key_id": "...","private_key": "...","client_email": "...","client_id": "...","auth_uri": "https://accounts.google.com/o/oauth2/auth","token_uri": "https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url": "..."
}

使用JSON密钥文件 (Using the JSON Key File)

The simplest way is to put the JSON file somewhere reachable by your program, on the filesystem.

最简单的方法是将JSON文件放在程序可访问的文件系统上。

For example I have a test app under ~/dev/test, so I put the JSON file into that folder, and renamed it to auth.json. Then inside a Node.js app make sure the GOOGLE_APPLICATION_CREDENTIALS environment variable points to that file location on the filesystem.

例如，我在~/dev/test下有一个测试应用程序，因此我将JSON文件放入该文件夹中，并将其重命名为auth.json 。 然后在Node.js应用程序内，确保GOOGLE_APPLICATION_CREDENTIALS环境变量指向文件系统上的该文件位置。

You create a JSON Web Token using the properties contained in the file:

您使用文件中包含的属性创建JSON Web令牌 ：

const jwt = new google.auth.JWT(key.client_email, null, key.private_key, scopes)

and you pass that to any API request you make.

并将其传递给您提出的任何API请求。

This is an example of how to use it with the Google Analytics API. process.env.GOOGLE_APPLICATION_CREDENTIALS is better be set outside the program, but I added it in the source for clarity:

这是如何与Google Analytics(分析)API一起使用的示例。 最好在程序外部设置process.env.GOOGLE_APPLICATION_CREDENTIALS ，但是为了清楚起见，我在源代码中添加了它：

'use strict'const { google } = require('googleapis')const key = require('./auth.json')
const scopes = 'https://www.googleapis.com/auth/analytics.readonly'
const jwt = new google.auth.JWT(key.client_email, null, key.private_key, scopes)
const view_id = 'XXXXXXX'process.env.GOOGLE_APPLICATION_CREDENTIALS = './auth.json'jwt.authorize((err, response) => {google.analytics('v3').data.ga.get({auth: jwt,ids: 'ga:' + view_id,'start-date': '30daysAgo','end-date': 'today',metrics: 'ga:pageviews'},(err, result) => {console.log(err, result)})
})

使用环境变量 (Use environment variables)

This is not ideal in many situations where having your private information on the filesystem is either not practical or not secure. For example if you’re using Heroku, it’s best to avoid putting the authentication credentials in the repository, and instead set them through the interface or console Heroku provides.

在许多情况下，这是不理想的，在这种情况下，在文件系统上拥有私有信息既不可行也不安全。 例如，如果您使用的是Heroku，则最好避免将身份验证凭据放入存储库中，而应通过Heroku提供的界面或控制台进行设置。

Or it’s the case of using it on Glitch prototypes, where environment variables are hidden to everyone except you.

或是在Glitch原型上使用它的情况，环境变量对您以外的所有人都是隐藏的。

In this case the best thing is to use environment variables, and store the content you need from the JSON file. In the following example, all we need are the client_email and private_key variables set in the JSON, so we can extract those and set them as environment variables, to keep them private.

在这种情况下，最好的办法是使用环境变量，并存储JSON文件中所需的内容。 在下面的示例中，我们需要的是在JSON中设置的client_email和private_key变量，因此我们可以提取它们并将其设置为环境变量，以保持它们的私密性。

'use strict'const { google } = require('googleapis')const scopes = 'https://www.googleapis.com/auth/analytics.readonly'
const jwt = new google.auth.JWT(process.env.CLIENT_EMAIL,null,process.env.PRIVATE_KEY,scopes
)
const view_id = 'XXXXXXX'jwt.authorize((err, response) => {google.analytics('v3').data.ga.get({auth: jwt,ids: 'ga:' + view_id,'start-date': '30daysAgo','end-date': 'today',metrics: 'ga:pageviews'},(err, result) => {console.log(err, result)})
})

访问其他API (Access other APIs)

I used Google Analytics in the examples.

我在示例中使用了Google Analytics(分析)。

The google object makes it reachable at google.analytics('v3').

google对象可通过google.analytics('v3') 。

v3 is the API version.

v3是API版本。

Other APIs are reachable using a similar way:

其他API的访问方式也类似：

• google.urlshortener('v1')

  google.urlshortener('v1')

• google.drive('v2')

  google.drive('v2')

翻译自: https://flaviocopes.com/google-api-authentication/

谷歌身份验证器 api