gpt4 book ai didi

google-apps-script - "Authorisation is required to perform that action"消息,即使在单击 "Allow"之后

转载 作者:行者123 更新时间:2023-12-03 21:36:31 24 4
gpt4 key购买 nike

我最近遇到了授权一个新的 Google App Script 项目的问题,特别是一个使用 Cloud SQL 管理 API 的问题。

以前授权的 GAS 项目中存在相同的代码并且工作正常,但是如果我获取 GAS 项目的副本并尝试第一次运行某个函数,我将无法完成授权过程。下面列出了我正在经历的屏幕:

  • 需要授权。 - 单击“查看权限”
  • 选择一个帐户来授权 Google 项目。 - 点击我的账户
  • 此应用程序未经验证! - 单击“转到项目
    (不安全)"
  • Google 项目想要访问此范围列表。- 单击“允许”
  • 执行该操作需要授权。

  • 警告屏幕 (3) 是该过程中最近添加的。我不记得在今年早些时候创建和运行新项目时遇到过它。我想知道 Google 最近是否对其 OAuth2.0 的安全实现进行了任何更改。

    此外,此问题似乎只影响对 Cloud SQL 管理 API 的 REST 调用。在上面提到的同一个项目中,我能够运行将数据写入同一 Google 项目中的 BigQuery 表的函数,该项目也托管 Cloud SQL 实例。显然,可以使某些范围和代码起作用。

    https://www.googleapis.com/auth/sqlservice.admin ”范围包含在我请求和批准的列表中。我什至尝试手动编辑 URL 以添加更多请求的范围,但它仍然没有让我通过“执行该操作需要授权”屏幕。

    有没有人有任何想法?

    编辑:

    触发身份验证的相关代码。
    // Function to get the ip address of a given CloudSQL instance
    function _getInstanceIpAddress_(projectId, sqlInstance) {

    var token = _getAuthenticationToken_();

    // Create the header authorisation
    var headers = {
    "Authorization": "Bearer " + token
    };

    // Create the Cloud SQL instances get parameters
    var parameters = {
    "method": "get",
    "headers": headers,
    "instance": sqlInstance,
    "project": projectId,
    "muteHttpExceptions": true
    };

    // Create the url of the sql instances get API
    var api = "https://www.googleapis.com/sql/v1beta4/projects/" + projectId + "/instances/" + sqlInstance + "?fields=ipAddresses";

    try {
    // Use the url fetch service to issue the https request and capture the response
    var response = UrlFetchApp.fetch(api, parameters);

    // Extract the ip address of the instance from the response
    var content = JSON.parse(response.getContentText());

    return content.ipAddresses[0].ipAddress;
    } catch(err) {
    _log_('ERROR', 'Getting ' + sqlInstance + ' instance ip address failed: ' + err);
    return null;
    }
    }

    function _getAuthenticationToken_() {
    // Check we have access to the service
    var service = getService();
    if (!service.hasAccess()) {
    var authorizationUrl = service.getAuthorizationUrl();
    _log_('INFO', 'Open the following URL and re-run the script: ' + authorizationUrl);
    return;
    }

    Logger.log('Passed Authentication');

    //Get the Access Token
    return service.getAccessToken();

    function getService() {
    // Create a new service with the given name. The name will be used when
    // persisting the authorized token, so ensure it is unique within the
    // scope of the property store.
    return OAuth2.createService('companyName-dev-service')

    // Set the endpoint URLs, which are the same for all Google services.
    .setAuthorizationBaseUrl('https://accounts.google.com/o/oauth2/auth')
    .setTokenUrl('https://accounts.google.com/o/oauth2/token')

    // Set the client ID and secret, from the Google Developers Console.
    .setClientId(CLIENT_ID)
    .setClientSecret(CLIENT_SECRET)

    // Set the name of the callback function in the script referenced
    // above that should be invoked to complete the OAuth flow.
    .setCallbackFunction('authCallback')

    // Set the property store where authorized tokens should be persisted.
    .setPropertyStore(PropertiesService.getUserProperties())

    // Set the scopes to request (space-separated for Google services).
    // this is admin access for the sqlservice and access to the cloud-platform:
    .setScope(
    'https://www.googleapis.com/auth/sqlservice.admin ' +
    'https://www.googleapis.com/auth/cloud-platform')

    //Removed because this Should be covered by cloud-platform
    //'https://www.googleapis.com/auth/devstorage.read_write '

    // Below are Google-specific OAuth2 parameters.

    // Sets the login hint, which will prevent the account chooser screen
    // from being shown to users logged in with multiple accounts.
    .setParam('login_hint', Session.getActiveUser().getEmail())

    // Requests offline access.
    .setParam('access_type', 'offline')

    // Forces the approval prompt every time. This is useful for testing,
    // but not desirable in a production application.
    .setParam('approval_prompt', 'force');
    }

    function authCallback(request) {
    var cloudSQLService = getService();
    var isAuthorized = cloudSQLService.handleCallback(request);

    if (isAuthorized) {
    _log_('INFO', 'Access Approved');
    return HtmlService.createHtmlOutput('Success! You can close this tab.');
    } else {
    _log_('INFO', 'Access Denied');
    return HtmlService.createHtmlOutput('Denied. You can close this tab');
    }
    }
    }

    最佳答案

    如果您回想一年前,您可能还记得 Massive Phishing Attack Targets Gmail Users你看到的是谷歌对此的回应。

    使用特定范围的 Web 凭据需要 Google 批准,然后除创建相关凭据的开发人员之外的任何人才能使用它。通常需要大约一周的时间才能获得批准,Google 是这么说的。

    你以前没见过,因为这是最近才打到的 App 脚本 OAuth client verification

    Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.

    关于google-apps-script - "Authorisation is required to perform that action"消息,即使在单击 "Allow"之后,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49491740/

    24 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com