问题描述
这个问题类似于 How can I authorize a Google Service Account without the default credentials file?,但特别是关于如何使用 Rails 的内置机密/凭据功能。
我意识到它需要是 JSON,但是当我将凭据存储在私有方法中并将该方法传递给 json_key_io 时,我得到一个 NoMethodError:
def call
auth = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: credentials,scope: Google::Apis::ClassroomV1::AUTH_CLASSROOM_ROSTERS
)
end
private
def credentials
@credentials ||= {
type: "service_account",project_id: Rails.application.credentials.google[:project_id],private_key_id: Rails.application.credentials.google[:private_key_id],private_key: Rails.application.credentials.google[:private_key],client_email: Rails.application.credentials.google[:client_email],client_id: Rails.application.credentials.google[:client_id],auth_uri: "https://accounts.google.com/o/oauth2/auth",token_uri: "https://oauth2.googleapis.com/token",auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs",client_x509_cert_url: Rails.application.credentials.google[:client_x509_cert_url],}.to_json
end
NoMethodError (undefined method ``read' for "{\"type\":\"service_acco...
解决方法
我遗漏的关键(如 miggitymac 中的 this answer 所指出的)是客户端需要一个 IO 对象(一个文件),而不是一个字符串。
添加 StringIO.new 后,现在可以正常工作了:
def call
auth = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: StringIO.new(credentials),scope: Google::Apis::ClassroomV1::AUTH_CLASSROOM_ROSTERS
)
end
private
def credentials
@credentials ||= {
type: "service_account",project_id: Rails.application.credentials.google[:project_id],private_key_id: Rails.application.credentials.google[:private_key_id],private_key: Rails.application.credentials.google[:private_key],client_email: Rails.application.credentials.google[:client_email],client_id: Rails.application.credentials.google[:client_id],auth_uri: "https://accounts.google.com/o/oauth2/auth",token_uri: "https://oauth2.googleapis.com/token",auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs",client_x509_cert_url: Rails.application.credentials.google[:client_x509_cert_url],}.to_json
end