是否可以使用client-side generated access token在 server-side call到 chromewebstore/v1.1/userlicenses/检查用户许可证?扩展程序和应用程序引擎项目都注册在同一个 Gmail 帐户上。我希望能够判断我的网络应用程序的用户是否购买了我的扩展程序。
gapi.auth.authorize({
scope: [
"https://www.googleapis.com/auth/plus.me",
"https://www.googleapis.com/auth/plus.login",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/chromewebstore.readonly"].join(" "),
client_id: "xxxxx"
}, () => gapi.client.myapi.check_payment().execute())
应用引擎代码
import os
import urllib
import endpoints
import httplib2
from oauth2client import client
from protorpc import remote
from protorpc.message_types import VoidMessage
EXTENSION_ID = "xxxxx" # my extension id from Chrome Web Store Developer Dashboard
API_KEY = "xxxxx" # api key from Google APIs Console
CLIENT_ID = "xxxxx" # OAuth 2.0 client ID from Google APIs Console
SCOPES = [endpoints.EMAIL_SCOPE]
@endpoints.api(name="myapi", version="v1", allowed_client_ids=[CLIENT_ID], scopes=SCOPES)
class MyApi(remote.Service):
@endpoints.method(VoidMessage, VoidMessage)
def check_payment(self, msg):
user = endpoints.get_current_user()
assert user is not None
if "HTTP_AUTHORIZATION" in os.environ:
(tokentype, token) = os.environ["HTTP_AUTHORIZATION"].split(" ")
credentials = client.AccessTokenCredentials(token, 'my-user-agent/1.0')
http = credentials.authorize(httplib2.Http())
params = urllib.urlencode({"key": API_KEY})
url = "https://www.googleapis.com/chromewebstore/v1.1/userlicenses/%s?%s" % (EXTENSION_ID, params)
response = http.request(url)
响应 403 状态:{"domain":"global","reason":"forbidden","message":"您无权访问 App ID: xxxxx 的许可数据"}
最佳答案
所以,是的,没有办法让它工作,这种请求只能通过由identity.getAuthToken创建的 token 进行授权。
关于google-app-engine - 从 Google 应用引擎检查 Chrome 网上应用店用户许可证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40920709/