Google Oauth错误:应设置至少一个客户端机密(已安装或Web)

Question

我正在使用Google的Oauth 2.0通过我们的服务器将视频上传到Youtube.我的客户ID是"服务帐户".我下载了json密钥并将其添加到我的解决方案中.

这是相关代码:

 private async Task Run(string filePath)
        {
            UserCredential credential;
            var keyUrl = System.Web.HttpContext.Current.Server.MapPath("~/content/oauth_key.json");
            using (var stream = new FileStream(keyUrl, FileMode.Open, FileAccess.Read))
            {
                credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
                    GoogleClientSecrets.Load(stream).Secrets,
                    // This OAuth 2.0 access scope allows an application to upload files to the
                    // authenticated user's YouTube channel, but doesn't allow other types of access.
                    new[] { YouTubeService.Scope.YoutubeUpload },
                    "user",
                    CancellationToken.None
                );
            }

            var youtubeService = new YouTubeService(new BaseClientService.Initializer()
            {
                HttpClientInitializer = credential,
                ApplicationName = Assembly.GetExecutingAssembly().GetName().Name
            });

当我运行它时,我收到此错误:应设置至少一个客户端机密(已安装或Web).

但是,在我的json中没有"客户秘密":

{
  "private_key_id": "9d98c06b3e730070806dcf8227578efd0ba9989b",
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIICdQIBADANBgkqhk etc,
  "client_email": "546239405652-8igo05a5m8cutggehk3rk3hspjfm3t04@developer.gserviceaccount.com",
  "client_id": "546239405652-8igo05a5m8cutggehk3rk3hspjfm3t04.apps.googleusercontent.com",
  "type": "service_account"
}

所以我认为我忽视了一些事情.也许我不能使用"服务帐户"？不知道......

Answer 1

使用json文件的解决方案非常相似.

这是VisionService使用GoogleCredential从json文件创建的对象创建的示例ServiceAccountCredential.

GoogleCredential credential;
using (var stream = new FileStream(fileName, FileMode.Open, FileAccess.Read))
{
    credential = GoogleCredential.FromStream(stream)
        .CreateScoped(VisionService.Scope.CloudPlatform);
}

var service = new VisionService(new BaseClientService.Initializer()
{
    HttpClientInitializer = credential,
    ApplicationName = "my-app-name",
});

此示例需要两个NuGet包:

Google.Apis.Vision.v1  
Google.Apis.Oauth2.v2

Answer 2

我设法获得一个服务帐户来处理P12文件,但是想知道如何使用JSON文件,或者只是从JSON文件中获取值来创建证书.

获取令牌

    private static String GetOAuthCredentialViaP12Key()
    {
        const string serviceAccountEmail = SERVICE_ACCOUNT_EMAIL;
        var certificate = new X509Certificate2(SERVICE_ACCOUNT_PKCS12_FILE_PATH, "notasecret", X509KeyStorageFlags.Exportable);

        var scope = DriveService.Scope.Drive + " https://spreadsheets.google.com/feeds";
        var credential = new ServiceAccountCredential( new ServiceAccountCredential.Initializer(serviceAccountEmail)
                                                       {
                                                            Scopes  = new[] { scope }
                                                       }.FromCertificate(certificate) );

        if (credential.RequestAccessTokenAsync(CancellationToken.None).Result == false)
        {

            return null;
        }

        return credential.Token.AccessToken;
    }

这就是我使用我得到的令牌的方式

        // Initialize the variables needed to make the request
        OAuth2Parameters parameters = new OAuth2Parameters {AccessToken = token};
        GOAuth2RequestFactory requestFactory = new GOAuth2RequestFactory(null, "MySpreadsheetIntegration-v1", parameters);
        SpreadsheetsService service = new SpreadsheetsService("MySpreadsheetIntegration-v1");
        service.RequestFactory = requestFactory;

Answer 3

不是 C# 专家，但看起来您正在尝试使用服务帐户来执行 OAuth2 Web 服务器流程，这应该不起作用。您可能想改用ServiceAccountCredential。有关不同 Google OAuth2 流程的更多信息，请参阅Web 服务器、服务帐户等的文档。