Python GSuite Api访问:客户端无权使用此方法检索访问令牌
我正试图通过python脚本访问存储在我所在组织的Google Drive中的文档 以下是我所做的:Python GSuite Api访问:客户端无权使用此方法检索访问令牌,python,google-cloud-platform,service-accounts,google-workspace,Python,Google Cloud Platform,Service Accounts,Google Workspace,我正试图通过python脚本访问存储在我所在组织的Google Drive中的文档 以下是我所做的: 创建新服务帐户并选择“启用G套件域范围的委派” 然后,我进入我的帐户的GSuite admin,通过安全->高级设置->管理API客户端访问,我添加了为我的新服务帐户生成的客户端id和以下权限: 然后,我使用以下python方法来构建访问gsuite文档的服务: def get_service(api_name, api_version, scopes, key_file_location):
def get_service(api_name, api_version, scopes, key_file_location):
"""Get a service that communicates to a Google API.
Args:
api_name: The name of the api to connect to.
api_version: The api version to connect to.
scopes: A list auth scopes to authorize for the application.
key_file_location: The path to a valid service account JSON key file.
Returns:
A service that is connected to the specified API.
"""
# credentials = ServiceAccountCredentials.from_json_keyfile_name(
# key_file_location, scopes=scopes)
credentials = service_account.Credentials.from_service_account_file(
key_file_location, scopes=scopes)
delegated_credentials = credentials.with_subject('myemail@my-gsuite-domain.com')
# Build the service object.
service = build(api_name, api_version, credentials=delegated_credentials)
return service
当我尝试访问电子表格时,出现以下错误:
('unauthorized_client:客户端无权检索访问权限
使用此方法的令牌。“,u'{\n”错误“:“未经授权的\u客户端”,\n
“错误描述”:“客户端无权检索访问令牌
使用此方法。“\n}”)
该电子表格具有组织中任何人都可以查看的权限
我还尝试将服务帐户电子邮件地址手动添加到电子表格权限中,这样做允许我访问文档而不使用委派凭据,但我希望避免将电子邮件地址添加到我要访问的每个电子表格中
如何使用Python以编程方式查看组织成员可以查看的所有Google工作表
谢谢。谢谢AChampion的指点。问题是请求范围
https://www.googleapis.com/auth/spreadsheets.readonly
当我只有授权范围时https://www.googleapis.com/auth/spreadsheets
。我以为电子表格
将是电子表格的超集。只读
,但事实似乎并非如此
我的get_服务代码:
def get_service(api_name, api_version, scopes, key_file_location):
"""Get a service that communicates to a Google API.
Args:
api_name: The name of the api to connect to.
api_version: The api version to connect to.
scopes: A list auth scopes to authorize for the application.
key_file_location: The path to a valid service account JSON key file.
Returns:
A service that is connected to the specified API.
"""
credentials = ServiceAccountCredentials.from_json_keyfile_name(
key_file_location, scopes=scopes)
# credentials = service_account.Credentials.from_service_account_file(
# key_file_location, scopes=scopes)
delegated_credentials = credentials.create_delegated('name@example.com')
delegated_http = delegated_credentials.authorize(Http())
# Build the service object.
service = build(api_name, api_version, http=delegated_http)
return service
以及我对获取服务的呼叫
:
scope = 'https://www.googleapis.com/auth/spreadsheets'
key_file_location = '/path/to/keyfile.json'
service = get_service(
api_name='sheets',
api_version='v4',
scopes=[scope],
key_file_location=key_file_location)
您是否使用正确的调用来获取委派凭据,例如,
delegated\u credentials=credentials.create\u delegated('myemail@my-gsuite domain.com')
您能提供完整的堆栈跟踪和行号吗?您可能想看看这篇文章:非常感谢您的更新(+1),我遇到了完全相同的问题,并且认为https://www.googleapis.com/auth/calendar
将是https://www.googleapis.com/auth/calendar.events
但事实并非如此。老实说,这可以在文档中得到更好的解释。再次感谢。顺便说一句,您也可以跳过委派的\u凭证
行,直接将其提供给您的ServiceAccountCredentials。从\u json\u keyfile\u name
调用(通过添加subject=)name@example.com“