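This is Google's officially supported Ruby client library for using OAuth 2.0 authorization and authentication with Google APIs.
Be sure https://rubygems.org/ is in your gem sources.
For normal client usage, this is sufficient: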
$ gem install googleauth
require 'googleauth'
# Get the environment configured authorization
scopes = ['https://www.googleapis.com/auth/cloud-platform',
          'https://www.googleapis.com/auth/compute']
authorization = Google::Auth.get_application_default(scopes)
# Add the access token obtained using the authorization to a hash, e.g.
# headers.
some_headers = {}
authorization.apply(some_headers)
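This library provides an implementation of Application Default Credentials for Ruby.
Application Default Credentials provide a simple way to get authorization credentials for use in calling Google APIs.
They are best suited for cases where the call needs to have the same identity and authorization level for the application, independent of the user. This is the recommended approach for authorizing calls to Cloud APIs, particularly when you are building an application that uses Google Compute Engine.
The library also provides support for requesting and storing user credentials (3-Legged OAuth2), including a web variant tailored to applications.
The authorizers are intended for authorization use cases. For sign-on, see Google Identity Platform.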
require 'googleauth'
require 'googleauth/web_user_authorizer'
require 'googleauth/stores/redis_token_store'
require 'redis'
client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
scope = ['https://www.googleapis.com/auth/drive']
token_store = Google::Auth::Stores::RedisTokenStore.new(redis: Redis.new)
authorizer = Google::Auth::WebUserAuthorizer.new(
  client_id, scope, token_store, '/oauth2callback')
get('/authorize') do
  # NOTE: Assumes the user is already authenticated to the app
  user_id = request.session['user_id']
  credentials = authorizer.get_credentials(user_id, request)
  if credentials.nil?
    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)
  end
  # Credentials are valid, can call APIs
  # ...
end
get('/oauth2callback') do
  target_url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
    request)
  redirect target_url
end
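Proof Key for Code Exchange (PKCE) is an RFC that aims to prevent malicious operating system processes from hijacking an OAuth 2.0 exchange. PKCE mitigates this vulnerability by including the code_challenge and code_challenge_method parameters in the authorization request and the code_verifier parameter in the access token request.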
require 'googleauth'
require 'googleauth/web_user_authorizer'
require 'googleauth/stores/redis_token_store'
require 'redis'
client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
scope = ['https://www.googleapis.com/auth/drive']
token_store = Google::Auth::Stores::RedisTokenStore.new(redis: Redis.new)
authorizer = Google::Auth::WebUserAuthorizer.new(
  client_id, scope, token_store, '/oauth2callback')
get('/authorize') do
  # NOTE: Assumes the user is already authenticated to the app
  user_id = request.session['user_id']
  # User needs to take care of generating the code_verifier and storing it in
  # the session.
  request.session['code_verifier'] ||= Google::Auth::WebUserAuthorizer.generate_code_verifier
  authorizer.code_verifier = request.session['code_verifier']
  credentials = authorizer.get_credentials(user_id, request)
  if credentials.nil?
    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)
  end
  # Credentials are valid, can call APIs
  # ...
end
get('/oauth2callback') do
  target_url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
    request)
  redirect target_url
end
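The Google Auth OOB flow was discontinued on January 31, 2023. To continue using Google Auth, migrate your application to a more secure flow. For more information on how to do this, see this OOB migration guide.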
require 'googleauth'
require 'googleauth/stores/file_token_store'
OOB_URI = 'urn:ietf:wg:oauth:2.0:oob'
scope = 'https://www.googleapis.com/auth/drive'
client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
token_store = Google::Auth::Stores::FileTokenStore.new(
  :file => '/path/to/tokens.yaml')
authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)
user_id = ENV['USER']
credentials = authorizer.get_credentials(user_id)
if credentials.nil?
  url = authorizer.get_authorization_url(base_url: OOB_URI)
  puts "Open #{url} in your browser and enter the resulting code:"
  code = gets
  credentials = authorizer.get_and_store_credentials_from_code(
    user_id: user_id, code: code, base_url: OOB_URI)
end
# OK to use credentials
scope = 'https://www.googleapis.com/auth/androidpublisher'
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('/path/to/service_account_json_key.json'),
  scope: scope)
authorizer.fetch_access_token!
You can also use a JSON key file by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable.
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service_account_json_key.json
require 'googleauth'
require 'google/apis/drive_v3'
Drive = ::Google::Apis::DriveV3
drive = Drive::DriveService.new
scope = 'https://www.googleapis.com/auth/drive'
authorizer = Google::Auth::ServiceAccountCredentials.from_env(scope: scope)
drive.authorization = authorizer
list_files = drive.list_files()
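This is similar to regular service account authorization (see this answer for more details on the differences), but you need to indicate which user your service account is impersonating by manually updating the sub field.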
scope = 'https://www.googleapis.com/auth/androidpublisher'
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('/path/to/service_account_json_key.json'),
  scope: scope
)
authorizer.update!(sub: "[email protected]")
authorizer.fetch_access_token!
export GOOGLE_ACCOUNT_TYPE=service_account
export GOOGLE_CLIENT_ID=000000000000000000000
export GOOGLE_CLIENT_EMAIL="<service-account-email>"
export GOOGLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
require 'googleauth'
require 'google/apis/drive_v3'
Drive = ::Google::Apis::DriveV3
drive = Drive::DriveService.new
# Auths with ENV vars:
# "GOOGLE_CLIENT_ID",
# "GOOGLE_CLIENT_EMAIL",
# "GOOGLE_ACCOUNT_TYPE",
# "GOOGLE_PRIVATE_KEY"
auth = ::Google::Auth::ServiceAccountCredentials
  .make_creds(scope: 'https://www.googleapis.com/auth/drive')
drive.authorization = auth
list_files = drive.list_files()
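Authorizers require a storage instance to manage long-term persistence of access and refresh tokens. Two storage implementations are included:
Custom storage implementations can also be used. See token_store.rb for additional details.
This library is supported on Ruby 2.6+.
Google provides official support for Ruby versions that are actively supported by Ruby Core, that is, Ruby versions that are in either normal maintenance or security maintenance and have not reached end of life. Older versions of Ruby may still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
This library is licensed under Apache 2.0. The full license text is available in LICENSE.
See CONTRIBUTING.
Please report bugs at the project on Github. Feel free to ask questions about the client or APIs on StackOverflow.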