gpt4 book ai didi

oauth - 我真的不能用客户端 ID 发布开源吗?

转载 作者:行者123 更新时间:2023-12-03 10:27:22 25 4
gpt4 key购买 nike

关闭。这个问题不满足Stack Overflow guidelines .它目前不接受答案。












想改善这个问题吗?更新问题,使其成为 on-topic对于堆栈溢出。

6年前关闭。




Improve this question




Developer credentials (such as passwords, keys, and client IDs) are intended to be used by you and identify your API Client. You will keep your credentials confidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects.



( https://developers.google.com/terms/ ,我的重点)

这是否意味着我的 Open Source Drive 命令行客户端需要强制我的软件的每个用户在 Google Cloud 控制台中设置一个新项目?有更好的选择吗?

从非开源中提取客户端 ID 和客户端“ secret ”并不难,那么为什么要区分呢?

“安装应用程序”客户端 ID 和 secret 并不是真正的 secret ,Google 文档似乎也同意:

The process results in a client ID and, in some cases, a client secret, which you embed in the source code of your application. (In this context, the client secret is obviously not treated as a secret.)



( https://developers.google.com/accounts/docs/OAuth2 ,再次强调)

最佳答案

2014 年 11 月 5 日 Google made some changes to the APIs terms of Service .

像你一样,我对以下行有问题。

Asking developers to make reasonable efforts to keep their private keys private and not embed them in open source projects.



我在 GitHub 上有几个开源项目,它们基本上是使用 Google API 的教程,其中一些 API 仍处于测试阶段,需要时间才能获得测试权限。我 我的客户 ID 嵌入在我的项目中,以便我的用户能够测试应用程序。

现在我在谷歌有一些联系人,所以我希望我能在这里得到某种豁免。我设法找到了上述有问题的服务变更 Dan Ciruli 的作者,并向他发送了一封电子邮件。

我的电子邮件很日志你可以在这里阅读: Changes of service

长话短说不,你不能在你的开源项目中发布你的客户 ID,这里是 Dan 给我的电子邮件,解释了原因。

You are, however, allowing them to “impersonate” you in Google’s eyes. If our abuse systems detect abuse (say, should someone try to DoS one of our services using your key), you run the risk that they would terminate your account because of it (and please note — they wouldn’t just cut access to the key, they would shut down your console account). Moreover, you’ve been granted whitelisted access to APIs that are not available to the general public (and, in all likelihood required agreeing to a separate Terms of Service) and are sharing access to anyone who wants it. There is no doubt that is a violation of those terms. Sorry to not have the answer you are looking for, but keys are the one way we have to tell who is calling our services.



这只是他回给我的电子邮件的一部分。您可以在上面的链接中阅读完整的帖子。因此,如果您将源代码提供给他们,他们就可以看到客户端 ID。您的用户将不得不在 Google Cloud 控制台上创建自己的项目。没有办法解决这个问题。

我希望这有帮助。

关于oauth - 我真的不能用客户端 ID 发布开源吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27585412/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com