since JWT authenticated transport was added to the oauth package back in
February, using JWT with service accounts is a whole lot easier. you no
longer have to manually Assert(). here's a code snippet from an app that i
use to pull data down using a service account from the Analytics Core
Reporting API:
// read in the site-specific PEM key file
key, err := ioutil.ReadFile("/tmp/serviceaccountkey.pem")
if err != nil {
// do something
}
// create a new JWT token to authorize server-to-server Google API
calls, using the service account emailaddr, analytics scope and PEM key
jsonwebtoken :=
jwt.NewToken("
0123456789-abcdef@developer.gserviceaccount.com",
"https://www.googleapis.com/auth/analytics.readonly" key)
// create an authenticated HTTP transport (expired tokens get refreshed
automatically)
transport, err := jwt.NewTransport(jsonwebtoken)
if err != nil {
// do something
}
// create the analytics service, passing in the transport (including
token)
analyticsService, err := analytics.New(transport.Client())
if err != nil {
// do something
}
// create the Analytics Data Service
dataGaService := analytics.NewDataGaService(analyticsService)
i don't think the example code has been updated to reflect this new E-Z
goodness.
in contrast, this is kinda what you used to have to do:
// struct to read the service account secrets file that you downloaded
from Google Cloud Console into
type GoogleSecretsConfig struct {
ClientEmail string `json:"client_email"`
ClientId string `json:"client_id"`
ClientSecret string `json:"client_secret"`
RedirectURIs []string `json:"redirect_uris"`
Scope string
AuthURI string `json:"auth_uri"`
TokenURI string `json:"token_uri"`
}
googlesecrets := new(GoogleSecretsConfig)
data, err :=
ioutil.ReadFile("/tmp/serviceaccountsecretsfilefromCloudConsole.json")
if err != nil {
// do something
}
err = json.Unmarshal(data, &googlesecrets)
if err != nil {
// do something
}
oauthconfig := &oauth.Config{
ClientId: secretsconfig.ClientId,
ClientSecret: secretsconfig.ClientSecret,
Scope: "https://www.googleapis.com/auth/analytics.readonly",
AuthURL: secretsconfig.AuthURI,
TokenURL: secretsconfig.TokenURI,
}
// read in the site-specific PEM key file
key, err := ioutil.ReadFile("/tmp/serviceaccountkey.pem")
if err != nil {
// do something
}
jsonwebtoken :=
jwt.NewToken("
0123456789-abcdef@developer.gserviceaccount.com",
oauthconfig.Scope, key)
jsonwebtoken.ClaimSet.Aud = "https://accounts.google.com/o/oauth2/token"
// create a basic httpclient that we will use with the json web token
assertion
httpclient := &http.Client{}
// encode and send the json web token, getting an *oauth.Token in return
oauthtoken, err := jsonwebtoken.Assert(httpclient)
if err != nil {
// do something
}
// build the oauth http transport
transport := oauth.Transport{Config: oauthconfig}
// set the transport token to be the oauthtoken
transport.Token = oauthtoken
// create the analytics service, passing in the transport
analyticsService, err := analytics.New(transport.Client())
if err != nil {
// do something
}
// create the Analytics Data Service
dataGaService := analytics.NewDataGaService(analyticsService)
hope this helps! let me know if you have any more questions. if you're
still having problems, make sure you've explicitly turned on the API
specific to the Google service you're trying to authenticate with in the
Google Cloud Console for the service account that you're using to
authenticate. sounds obvious but ..... :)
-RMT
On Saturday, August 30, 2014 11:29:41 AM UTC-7, ha...@klarsys.com wrote:Bump. Exact same issue. Anyone figure it out yet?
On Saturday, August 23, 2014 5:12:24 AM UTC+5:30, itsle...@gmail.com
wrote:
+1 same issue here
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.
