问题描述
我有一个使用Google's OAuth2 library的脚本,该脚本最近开始因错误而失败
我检查了属性,没有发现与原始配置有任何意外的差异。我的媒体资源的完整字符串化文本长度约为5000个字符,远低于500kB/property store quota和最长的单个媒体资源〜2500个字符(低于9kB /值的配额)。
我发现只有在将Google's OAuth2 library与服务帐户一起使用时才会发生此错误。但是, 如果我直接在项目中加入library dist,该错误就会消失。
如果库服务和本地副本的属性服务版本相同,为什么属性服务的行为方式有所不同?
(在其他脚本中,我将OAuth2库与标准授权码授予流程一起使用,则没有问题。)
此脚本将复制错误,但需要您create a service account并按照getAdminDirectory_()中的定义设置正确的脚本属性。 (使用Rhino解释器。)
/**
* Get a GSuite User.
*/
function getUser() {
var email = "[email protected]";
var user = AdminDirectory_getUser_(email);
Logger.log(user);
}
/**
* Gets a user from the GSuite organization by their email address.
* @returns {User} - https://developers.google.com/admin-sdk/directory/v1/reference/users#resource
*/
function AdminDirectory_getUser_(email) {
var service = getAdminDirectory_();
if (service.hasAccess()) {
var url = "https://www.googleapis.com/admin/directory/v1/users/" + email;
var options = {
method: "get",headers: {
Authorization: "Bearer " + service.getAccesstoken()
}
};
var response = UrlFetchApp.fetch(url,options);
var result = JSON.parse(response.getContentText());
return result;
} else {
throw service.getLastError();
}
}
/**
* Configures the service.
*/
function getAdminDirectory_() {
// Get service account from properties
var scriptProperties = PropertiesService.getScriptProperties();
var serviceAccount = JSON.parse(scriptProperties.getProperty("service_account"));
// Email address of the user to impersonate.
var user_email = scriptProperties.getProperty("service_account_user");
return OAuth2.createService("AdminDirectory:" + user_email)
// Set the endpoint URL.
.setTokenUrl("https://oauth2.googleapis.com/token")
// Set the private key and issuer.
.setPrivateKey(serviceAccount.private_key)
.setIssuer(serviceAccount.client_email)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
.setSubject(user_email)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(scriptProperties)
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope("https://www.googleapis.com/auth/admin.directory.user");
}
解决方法
这似乎是一个已知问题。考虑在this issue上加一个星号(在左上角),让Google开发人员知道您受到了影响。考虑向跟踪器添加评论,其中包含#7
请求的详细信息可能的解决方案:
-
如问题所述,直接使用library code by copy pasting而不是使用越野车功能。
-
切换到v8-#21
-
等待随机/自动分辨率-#14