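This is Google's officially supported Ruby client library for using OAuth 2.0 authorization and authentication with Google APIs.
Be sure `https://rubygems.org/` is in your gem sources.
For normal client usage, this is sufficient: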
```bash
$ gem install googleauth
```

```ruby
require 'googleauth'

# Get the environment configured authorization
scopes = ['https://www.googleapis.com/auth/cloud-platform',
          'https://www.googleapis.com/auth/compute']
authorization = Google::Auth.get_application_default(scopes)

# Add the access token obtained using the authorization to a hash, e.g.
# headers.
some_headers = {}
authorization.apply(some_headers)
```
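This library provides an implementation of Application Default Credentials for Ruby.
Application Default Credentials provide a simple way to get authorization credentials for use in calling Google APIs.
They are best suited for cases when the call needs to have the same identity and authorization level for the application independent of the user. This is the recommended approach to authorize calls to Cloud APIs, particularly when you're building an application that uses Google Compute Engine.
The library also provides support for requesting and storing user credentials (3-Legged OAuth2). Two implementations are currently available: a generic authorizer useful for command line apps or custom integrations, and a web variant tailored toward Rack-based applications.
The authorizers are intended for authorization use cases. For sign-on, see Google Identity Platform.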
```ruby
require 'googleauth'
require 'googleauth/web_user_authorizer'
require 'googleauth/stores/redis_token_store'
require 'redis'
require 'sinatra' # provides the get/redirect route DSL used below

client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
scope = ['https://www.googleapis.com/auth/drive']
token_store = Google::Auth::Stores::RedisTokenStore.new(redis: Redis.new)
authorizer = Google::Auth::WebUserAuthorizer.new(
  client_id, scope, token_store, '/oauth2callback')

get('/authorize') do
  # NOTE: Assumes the user is already authenticated to the app
  user_id = request.session['user_id']
  credentials = authorizer.get_credentials(user_id, request)
  if credentials.nil?
    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)
  end
  # Credentials are valid, can call APIs
  # ...
end

get('/oauth2callback') do
  target_url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
    request)
  redirect target_url
end
```
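Proof Key for Code Exchange (PKCE) is an RFC that aims to prevent malicious operating system processes from hijacking an OAuth 2.0 exchange. PKCE mitigates this vulnerability by including the `code_challenge` and `code_challenge_method` parameters in the authorization request and the `code_verifier` parameter in the access token request.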
```ruby
require 'googleauth'
require 'googleauth/web_user_authorizer'
require 'googleauth/stores/redis_token_store'
require 'redis'
require 'sinatra' # provides the get/redirect route DSL used below

client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
scope = ['https://www.googleapis.com/auth/drive']
token_store = Google::Auth::Stores::RedisTokenStore.new(redis: Redis.new)
authorizer = Google::Auth::WebUserAuthorizer.new(
  client_id, scope, token_store, '/oauth2callback')

get('/authorize') do
  # NOTE: Assumes the user is already authenticated to the app
  user_id = request.session['user_id']
  # User needs to take care of generating the code_verifier and storing it in
  # the session.
  request.session['code_verifier'] ||= Google::Auth::WebUserAuthorizer.generate_code_verifier
  authorizer.code_verifier = request.session['code_verifier']
  credentials = authorizer.get_credentials(user_id, request)
  if credentials.nil?
    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)
  end
  # Credentials are valid, can call APIs
  # ...
end

get('/oauth2callback') do
  target_url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
    request)
  redirect target_url
end
```
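The relationship between `code_verifier` and `code_challenge` described above, written out for the S256 method of RFC 7636 with both the client side and the token-endpoint check. This is an added example, not code from the library; the function names (`new_code_verifier`, `s256_challenge`, `verifier_accepted?`, `demo_exchange`) are hypothetical and the exchange is constructed.

```ruby
require 'securerandom'
require 'digest'
require 'openssl'

# RFC 7636 section 4.1: 43-128 characters from the unreserved URI set.
VERIFIER_FORMAT = /\A[A-Za-z0-9\-._~]{43,128}\z/

# Client side: fresh high-entropy secret, kept in the user's session only.
def new_code_verifier
  SecureRandom.urlsafe_base64(32) # 32 random bytes -> 43 characters
end

# Client side: value sent as code_challenge with code_challenge_method=S256.
def s256_challenge(verifier)
  raise ArgumentError, 'malformed code_verifier' unless VERIFIER_FORMAT.match?(verifier.to_s)
  digest = Digest::SHA256.digest(verifier)
  [digest].pack('m0').tr('+/', '-_').delete('=') # base64url, no padding
end

# Authorization-server side: run when the code is redeemed at the token
# endpoint. stored_challenge is what arrived with the authorization request.
def verifier_accepted?(stored_challenge, presented_verifier)
  return false unless VERIFIER_FORMAT.match?(presented_verifier.to_s)
  OpenSSL.secure_compare(s256_challenge(presented_verifier), stored_challenge)
end

# Constructed walk-through of one exchange (hypothetical helper).
def demo_exchange
  verifier  = new_code_verifier
  challenge = s256_challenge(verifier) # travels with the authorization request
  {
    legitimate_client: verifier_accepted?(challenge, verifier),
    # A party holding only the redirect (code and challenge) has no verifier.
    code_only_party:   verifier_accepted?(challenge, new_code_verifier),
    # The challenge itself does not hash back to the challenge.
    challenge_replay:  verifier_accepted?(challenge, challenge)
  }
end
```

Because the verifier never leaves the session that started the flow, an authorization code observed on its own cannot be redeemed.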
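The Google Auth OOB flow was discontinued on January 31, 2023. The OOB flow is a legacy flow that is no longer considered secure. To continue using Google Auth, please migrate your applications to a more secure flow. For more information on how to do this, see this OOB migration guide.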
```ruby
require 'googleauth'
require 'googleauth/stores/file_token_store'

OOB_URI = 'urn:ietf:wg:oauth:2.0:oob'

scope = 'https://www.googleapis.com/auth/drive'
client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
token_store = Google::Auth::Stores::FileTokenStore.new(
  :file => '/path/to/tokens.yaml')
authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)

user_id = ENV['USER']
credentials = authorizer.get_credentials(user_id)
if credentials.nil?
  url = authorizer.get_authorization_url(base_url: OOB_URI)
  puts "Open #{url} in your browser and enter the resulting code:"
  code = gets
  credentials = authorizer.get_and_store_credentials_from_code(
    user_id: user_id, code: code, base_url: OOB_URI)
end

# OK to use credentials
```
```ruby
require 'googleauth'

scope = 'https://www.googleapis.com/auth/androidpublisher'

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('/path/to/service_account_json_key.json'),
  scope: scope)

authorizer.fetch_access_token!
```
You can also use a JSON key file by setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
```bash
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service_account_json_key.json
```

```ruby
require 'googleauth'
require 'google/apis/drive_v3'

Drive = ::Google::Apis::DriveV3
drive = Drive::DriveService.new

scope = 'https://www.googleapis.com/auth/drive'

authorizer = Google::Auth::ServiceAccountCredentials.from_env(scope: scope)
drive.authorization = authorizer

list_files = drive.list_files()
```
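This is similar to regular service account authorization (see this answer for more details on the differences), but you need to indicate which user your service account is impersonating by manually updating the `sub` field.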
```ruby
require 'googleauth'

scope = 'https://www.googleapis.com/auth/androidpublisher'

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('/path/to/service_account_json_key.json'),
  scope: scope
)
# Placeholder address: the user the service account impersonates
authorizer.update!(sub: "user-to-impersonate@example.com")

authorizer.fetch_access_token!
```
```bash
export GOOGLE_ACCOUNT_TYPE=service_account
export GOOGLE_CLIENT_ID=000000000000000000000
export GOOGLE_CLIENT_EMAIL=service-account@example.com  # placeholder address
export GOOGLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
```

```ruby
require 'googleauth'
require 'google/apis/drive_v3'

Drive = ::Google::Apis::DriveV3
drive = Drive::DriveService.new

# Auths with ENV vars:
# "GOOGLE_CLIENT_ID",
# "GOOGLE_CLIENT_EMAIL",
# "GOOGLE_ACCOUNT_TYPE",
# "GOOGLE_PRIVATE_KEY"
auth = ::Google::Auth::ServiceAccountCredentials
  .make_creds(scope: 'https://www.googleapis.com/auth/drive')
drive.authorization = auth

list_files = drive.list_files()
```
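Authorizers require a storage instance to manage long-term persistence of access and refresh tokens. Two storage implementations are included: `Google::Auth::Stores::FileTokenStore` and `Google::Auth::Stores::RedisTokenStore`.
Custom storage implementations can also be used. See token_store.rb for additional details.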
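Since the store holds refresh tokens long term, one useful custom implementation is a wrapper that encrypts each record before it reaches the backing store. The following is an added example, not part of the library: `EncryptedTokenStore` and `MemoryStore` are hypothetical names, and it assumes the `load`/`store`/`delete` interface from token_store.rb with tokens passed as strings and a 32-byte key supplied by the caller.

```ruby
require 'openssl'

# Constructed stand-in for a backing store; any object with load/store/delete
# (the library's file or Redis store, for instance) can take its place.
class MemoryStore
  def initialize; @data = {}; end
  def load(id); @data[id]; end
  def store(id, token); @data[id] = token; end
  def delete(id); @data.delete(id); end
end

# Hypothetical wrapper: seals each token string with AES-256-GCM before it
# reaches the backing store, and binds the ciphertext to the user id.
class EncryptedTokenStore
  def initialize(backing, key)
    raise ArgumentError, 'key must be 32 bytes' unless key.bytesize == 32
    @backing = backing
    @key = key
  end

  def store(id, token)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = @key
    iv = cipher.random_iv                 # 12 bytes, fresh per write
    cipher.auth_data = id.to_s
    sealed = cipher.update(token) + cipher.final
    @backing.store(id, [iv + cipher.auth_tag + sealed].pack('m0'))
  end

  def load(id)
    blob = @backing.load(id)
    return nil if blob.nil?
    raw = blob.unpack1('m0')              # layout: iv(12) | tag(16) | ciphertext
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = @key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    cipher.auth_data = id.to_s
    (cipher.update(raw[28..]) + cipher.final).force_encoding(Encoding::UTF_8)
  rescue OpenSSL::Cipher::CipherError, ArgumentError, TypeError
    nil # altered or relocated record: behave as if nothing is stored
  end

  def delete(id)
    @backing.delete(id)
  end
end
```

Returning `nil` for a record that fails authentication makes the authorizer treat the user as having no stored credentials, so the user is sent through authorization again.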
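This library is supported on Ruby 2.6+.
Google provides official support for Ruby versions that are actively supported by Ruby Core, that is, Ruby versions that are either in normal maintenance or in security maintenance and have not reached end of life. Older versions of Ruby may still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
This library is licensed under Apache 2.0. The full license text is available in LICENSE.
See CONTRIBUTING.
Please report bugs at the project on GitHub. Feel free to ask questions about the client or APIs on StackOverflow.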