我试着让服务器应用程序定期从我自己的Google Analytics帐户中提取Google Analytics数据。请注意,它是一个访问我自己数据的个人服务器端应用程序,即没有最终用户访问此应用程序。
例如,我在 Google API控制台上将我的应用程序注册为 Service Application ,它为我提供了一个客户端ID 和一个私钥。我的理解是服务应用程序不使用应用程序秘密和重定向URL ,因为此服务器到服务器身份验证流程中没有最终用户。事实上,Google API控制台并没有给我提供秘密,也没有提示我提供重定向URL。
不幸的是,我无法弄清楚如何在 Google的PHP客户端API 。关于使用最终用户验证Web应用程序有大量文档。
Google的文档建议可以通过使用私钥对JWT请求进行签名来验证服务器到服务器的身份。我只是无法弄清楚如何在PHP客户端API中执行操作(尽管我浏览了源代码并且有绝对是一个使用私钥签名请求的脚本)。
<我在这里错过了什么?我如何使用我的私钥和Google PHP客户端API来执行服务应用程序的身份验证?为清晰起见编辑
$ Google Analytics(分析)API V3现在支持通过Google Analytics(分析)API V3返回的OAuth2令牌一个.p12签名的JWT请求。也就是说,我们现在可以使用Google Analytics API和服务帐户。目前拉动4年的每日指标, em>
下面是一个快速的'n'脏分步骤:
转到 Google API控制台并创建一个新应用
在 API Access 标签中,点击创建OAuth2.0客户端ID $ b
-
输入您的姓名,上传徽标,然后点击下一步
-
选择服务帐户选项并按创建客户端ID
-
下载您的私钥
>
现在您回到了 API Access 页面。您将看到一个名为服务帐户的部分,其中包含客户端ID 和电子邮件地址 复制电子邮件地址(类似于 #### @ developer.gserviceaccount ) 访问您的 Google Analytics管理员并将此电子邮件作为用户添加到您的物业 这是必须的;否则您将收到明显的错误。
Rock'n'roll(感谢所有关于更新课程名称的提示):
下面的原始解决方法
看起来,尽管文档不明确,但大多数Google API都会执行不支持服务帐户,包括Google Analytics(分析)。他们无法消化由.p12签名的JWT请求返回的OAuth2令牌。因此,截至目前,您无法将Google Analytics API V3与服务帐户一起使用。
解决方法:
在 Google API控制台,创建一个客户端应用程序。 p>按照 Google PHP Client API 示例中的步骤生成 client_auth_url 使用您的 client_id , client_secret ,和 redirect_uri
登录到 Google 使用cURL。 (确保使用cookie文件!)
Hurray ,你现在有一个永不过期的 refresh_token 和一个工作的 access_token !使用您的 client_id Google的OAuth2令牌机器发送请求。 code>, client_secret , redirect_uri ,和 refresh_token code>当您的 access_token 过期时,您将获得新的。
I'm trying to make a server application to routinely pull Google Analytics data from my own GA account. Note, it is a personal, server-side application accessing my own data, i.e. there is no end-user accessing this application.
As such, I registered my application in the Google API Console as a Service Application, which gave me a Client ID and a Private Key. It is my understanding that Service Applications do NOT use Application Secret and Redirect URL as there is no end-user in this server-to-server authentication flow. Indeed, the Google API Console gave me no Secret and did not prompt me for a Redirect URL.
Unfortunately, I can not figure out how to authenticate my Service Application within Google's PHP Client API. There is extensive documentation on authenticating web applications with an end-user.
Google's documentation suggests it is possible to authenticate server-to-server by signing a JWT request with the private key. I just can't figure out how to do within the PHP client API (although I've browsed the source and there's definitely a script that signs a request with the private key.)
Am I missing something here? How can I perform authentication for a Service Application with my private key and the Google PHP client API?
Edited for clarity
解决方案UPDATE July 21st, 2012
Google Analytics API V3 now supports OAuth2 tokens returned by a .p12-signed JWT request. That is, we can now use the Analytics API w/ service accounts.
Currently pulling 4 years of day-by-day metrics, just for the hell of it.
Here's a quick 'n' dirty step-by-step:
Go to the Google API Console and create a new app
In the Services tab, flip the Google Analytics switch
In the API Access tab, click Create an OAuth2.0 Client ID
enter your name, upload a logo, and click Next
select the Service account option and press Create client ID
download your private key
Now you're back on the API Access page. You'll see a section called Service account with a Client ID and Email address
Copy the email address (something like ####@developer.gserviceaccount)
Visit your GA Admin and add this email as a user to your properties
This is a must; you'll get cryptic errors otherwise.
Get the latest Google PHP Client API via Github
git submodule add github/google/google-api-php-client.git google-api-php-client-read-onlyRock 'n' roll (thanks all for tips on updated class names):
// api dependencies require_once(PATH_TO_API . 'Google/Client.php'); require_once(PATH_TO_API . 'Google/Service/Analytics.php'); // create client object and set app name $client = new Google_Client(); $client->setApplicationName(APP_NAME); // name of your app // set assertion credentials $client->setAssertionCredentials( new Google_Auth_AssertionCredentials( APP_EMAIL, // email you added to GA array('www.googleapis/auth/analytics.readonly'), file_get_contents(PATH_TO_PRIVATE_KEY_FILE) // keyfile you downloaded )); // other settings $client->setClientId(CLIENT_ID); // from API console $client->setAccessType('offline_access'); // this may be unnecessary? // create service and get data $service = new Google_Service_Analytics($client); $service->data_ga->get($ids, $startDate, $endDate, $metrics, $optParams);original workaround below
It seems that, despite ambiguous documentation, most Google APIs do not support service accounts yet, including Google Analytics. They cannot digest OAuth2 tokens returned by a .p12 signed JWT request. So, as of right now, you cannot use Google Analytics API V3 with a service account.
Workaround:
In the Google API console, create a client application.
Follow the steps in the Google PHP Client API examples to generate a client_auth_url using your client_id, client_secret, and redirect_uri
Login to Google using cURL. (Be sure to use a cookie file!)
Open the client_auth_url in cURL and complete the form. Make sure you set curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); and curl_setopt($ch, CURLOPT_HEADER, 1); as the authorization_code will be in the Location: header of the response.
Using your client_id, client_secret, redirect_uri, and the activation code from Step 4, post a request to the Google's OAuth2 Token machine. Make sure you include grant_type = "authorization_code" in your post fields.
Hurray, you now have a refresh_token that never expires, and a working access_token! Post a request to the Google's OAuth2 Token machine with your client_id, client_secret, redirect_uri, and refresh_token when your access_token expires and you'll get a new one.
更多推荐
服务应用程序和Google Analytics API V3:服务器到服务器的OAuth2身份验证?
发布评论