getting “401 Unauthorized” while trying to authent

2019-08-25 23:47发布

问题:

So here is the problem: Ive recently made this post.

Solution I've mentionned worked for one token and one API but when I tried to handle two APIs with two token (gmail and Sheets API) it failed.

So what I'm trying to do now is make the two work so I told myself "Hey let's create a service account". Even if I don't really understand the differences between both methods. Service account seems to prevent from having a consent screen (Am I right?).

I've crawled the web for answers but all of them seems to fail.

I've refreshed token, used GoogleCredential instead of Credential, created new key etc... one thing though I didn't tried is to use Gsuite account I'm using a basic account.

So now I'm at the point where I've created a new p12 file and instantly I get the 401 error. I will share my code for a better understanding.

my mail class

public class mailService {
    private static final String APPLICATION_NAME = "AHS";
    private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();

    private static final String TOKENS_DIRECTORY_PATH = "tokens";
//I've added sheet scope as it is activated in my project
    private static final Collection<String> SCOPES = Arrays.asList(GmailScopes.GMAIL_SEND, GmailScopes.GMAIL_LABELS, SheetsScopes.SPREADSHEETS);

    private static Credential getCredentials(final NetHttpTransport HTTP_TRANSPORT) throws IOException, GeneralSecurityException {
        File sa = new File("WEB-INF/mykeyfile.p12");
        Credential credential = new GoogleCredential.Builder()
                    .setTransport(HTTP_TRANSPORT)
                    .setJsonFactory(JSON_FACTORY)
                    .setServiceAccountId(
                            "myapp@appspot.gserviceaccount.com")
                    .setServiceAccountScopes(SCOPES)
                    .setServiceAccountPrivateKeyFromP12File(sa)
                    .setServiceAccountUser("myemailadress@gmail.com")
                    .build();
        //credential.refreshToken();
        return (credential);
    }

    public static Gmail getService() throws GeneralSecurityException, IOException {
        final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
        /*Gmail service = new Gmail.Builder(HTTP_TRANSPORT, JSON_FACTORY, getCredentials(HTTP_TRANSPORT))
                .setApplicationName(APPLICATION_NAME)
                .build();*/
        Gmail service = new Gmail.Builder(HTTP_TRANSPORT, JSON_FACTORY, null)
                .setHttpRequestInitializer(getCredentials(HTTP_TRANSPORT)).setApplicationName(APPLICATION_NAME).build();
        return (service);
    }
...

So to give you a better understanding, I'm creating a web app using Angular and Google app engine. I wan't to use Gmail API to send mail from my account, also I'm using sheets API to read/write from/to a spreadsheet. Just to be clear I have a secret file for the google-sign-in (for the user of the web app) but there this is server side code and I don't wan't user to see a consent screen.

I'm also asking myself if I need to use gcloud in order to activate service account.

I'm running (for the moment) my server locally using Eclipse and google app engine plugin.

if you need other code or precisions for better understanding of the problem let me know

回答1:

Gmail dosent support service accounts unless its a gsuite account and you set up domain wide deligation.

If you check the documentation you will only see information about using Oauth2 not server account this is because Google only documents things that are supported not those that aren't.

Sheets does support service accounts just remembered that you need to pre-authorization on the service a account. That is done via sharing the sheet with the service account like you would any other user using the service accounts email address.