检测Google API的oAuth令牌已被撤销的时间

问题描述 投票:0回答:1

我正在从这里使用Google的python快速入门脚本:https://developers.google.com/calendar/quickstart/python

在正常情况下效果很好。我可以允许它访问我的Gmail帐户,并且可以创建Google日历条目。

但是,如果我在浏览器中登录我的Gmail帐户,请转到安全性,然后撤消我的应用程序对我的Google帐户的访问权限,则快速启动脚本将无法使用。它只是崩溃:

$ python quickstart.py
Getting the upcoming 10 events
Traceback (most recent call last):
  File "quickstart.py", line 52, in <module>
    main()
  File "quickstart.py", line 42, in main
    orderBy='startTime').execute()
  File "/opt/my_project/venv3/lib/python3.6/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/opt/my_project/venv3/lib/python3.6/site-packages/googleapiclient/http.py", line 851, in execute
    method=str(self.method), body=self.body, headers=self.headers)
  File "/opt/my_project/venv3/lib/python3.6/site-packages/googleapiclient/http.py", line 165, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/opt/my_project/venv3/lib/python3.6/site-packages/google_auth_httplib2.py", line 213, in request
    self.credentials.refresh(self._request)
  File "/opt/my_project/venv3/lib/python3.6/site-packages/google/oauth2/credentials.py", line 136, in refresh
    self._client_secret))
  File "/opt/my_project/venv3/lib/python3.6/site-packages/google/oauth2/_client.py", line 237, in refresh_grant
    response_data = _token_endpoint_request(request, token_uri, body)
  File "/opt/my_project/venv3/lib/python3.6/site-packages/google/oauth2/_client.py", line 111, in _token_endpoint_request
    _handle_error_response(response_body)
  File "/opt/my_project/venv3/lib/python3.6/site-packages/google/oauth2/_client.py", line 61, in _handle_error_response
    error_details, response_body)
google.auth.exceptions.RefreshError: ('invalid_grant: Token has been expired or revoked.', '{\n  "error": "invalid_grant",\n  "error_description": "Token has been expired or revoked."\n}')

如果我在引发异常的行之前添加一些调试行,则会看到以下内容:

creds.valid: True
creds.expired: False

我知道我可以赶上google.auth.exceptions.RefreshError。我遇到的问题是,在quickstart.py的开头有一整段代码,目的是检测令牌是否有效,但是似乎无法检测到这种相当简单的情况,并且直到抛出异常为止我实际上尝试使用令牌来执行命令。万一脚本的第一部分在检测令牌被吊销而无法完成工作的情况下,将每个执行(或至少第一个)放在try-except块中似乎很愚蠢。

在我实际尝试使用证书之前,是否有办法检测到该证书已被吊销?为什么creds.valid和creds.expired无法正常工作?

更新:看来,如果您等待足够长的时间(几分钟或几小时-不确定),则creds.valid和creds.expired最终将显示凭据不再有效。但是,在这段时间之间,如果凭据似乎有效但无法使用,就足以使我的程序在我处理不当时崩溃。

更新2:我唯一能想到的就是像这样运行:

from googleapiclient.discovery import build
from google.auth.exceptions import RefreshError

...
try:
    service = build('calendar', 'v3', credentials=creds)
    service.events().list(calendarId='primary', maxResults=1).execute()
except RefreshError:
    ...
...

在检查凭据是否有效的代码之后。有点像最终检查。这行得通,但似乎有点脏,因为它需要对Google API服务器进行额外的调用,并且基本上就是我上面所说的-将第一个执行放在try-except块中。有没有更好的办法?

python-3.x oauth oauth-2.0 google-api google-oauth2
1个回答
0
投票

快速入门适用于具有您自己的凭据的简单情况。他们显然不希望您撤销自己的授权。而不是仅在凭据过期后才刷新凭据,而是在每次启动时刷新访问令牌。如果刷新令牌已被撤消,则第一次刷新将是失败点。

    # If there are no (valid) credentials available, let the user log in.
    if creds and creds.refresh_token:
        try:
            creds.refresh(Request())
        except RefreshError:
            logger.error("Credentials could not be refreshed, possibly the authorization was revoked by the user.")
            os.unlink('token.pickle')
            return
    else:
        flow = InstalledAppFlow.from_client_secrets_file(
            'credentials.json', SCOPES)
        creds = flow.run_local_server(port=0)
    # Save the credentials for the next run
    with open('token.pickle', 'wb') as token:
        pickle.dump(creds, token)
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.