OAuth2.0 库
使用集合让一切井井有条 根据您的偏好保存内容并对其进行分类。
为 OAuth2 授权的请求创建对象
/** * Simple library for sending OAuth2 authenticated requests. * See: https://developers.google.com/google-ads/scripts/docs/features/third-party-apis#oauth_2 * for full details. */ /** * Adds a OAuth object, for creating authenticated requests, to the global * object. */ (function(scope) { /** * Creates an object for making authenticated URL fetch requests with a * given stored access token. * @param {string} accessToken The access token to store and use. * @constructor */ function OAuth2UrlFetchApp(accessToken) { this.accessToken_ = accessToken; } /** * Performs an HTTP request for the given URL. * @param {string} url The URL to fetch * @param {?Object=} options Options as per UrlFetchApp.fetch * @return {!HTTPResponse} The HTTP Response object. */ OAuth2UrlFetchApp.prototype.fetch = function(url, opt_options) { const fetchOptions = opt_options || {}; if (!fetchOptions.headers) { fetchOptions.headers = {}; } fetchOptions.headers.Authorization = 'Bearer ' + this.accessToken_; return UrlFetchApp.fetch(url, fetchOptions); }; /** * Performs the authentication step * @param {string} tokenUrl The endpoint for use in obtaining the token. * @param {!Object} payload The authentication payload, typically containing * details of the grant type, credentials etc. * @param {string=} opt_authHeader Client credential grant also can make use * of an Authorisation header, as specified here * @param {string=} opt_scope Optional string of spaced-delimited scopes. * @return {string} The access token */ function authenticate_(tokenUrl, payload, opt_authHeader, opt_scope) { const options = {muteHttpExceptions: true, method: 'POST', payload: payload}; if (opt_scope) { options.payload.scope = opt_scope; } if (opt_authHeader) { options.headers = {Authorization: opt_authHeader}; } const response = UrlFetchApp.fetch(tokenUrl, options); const responseData = JSON.parse(response.getContentText()); if (responseData && responseData.access_token) { const accessToken = responseData.access_token; } else { throw Error('No access token received: ' + response.getContentText()); } return accessToken; } /** * Creates a OAuth2UrlFetchApp object having authenticated with a refresh * token. * @param {string} tokenUrl The endpoint for use in obtaining the token. * @param {string} clientId The client ID representing the application. * @param {string} clientSecret The client secret. * @param {string} refreshToken The refresh token obtained through previous * (possibly interactive) authentication. * @param {string=} opt_scope Space-delimited set of scopes. * @return {!OAuth2UrlFetchApp} The object for making authenticated requests. */ function withRefreshToken( tokenUrl, clientId, clientSecret, refreshToken, opt_scope) { const payload = { grant_type: 'refresh_token', client_id: clientId, client_secret: clientSecret, refresh_token: refreshToken }; const accessToken = authenticate_(tokenUrl, payload, null, opt_scope); return new OAuth2UrlFetchApp(accessToken); } /** * Creates a OAuth2UrlFetchApp object having authenticated with client * credentials. * @param {string} tokenUrl The endpoint for use in obtaining the token. * @param {string} clientId The client ID representing the application. * @param {string} clientSecret The client secret. * @param {string=} opt_scope Space-delimited set of scopes. * @return {!OAuth2UrlFetchApp} The object for making authenticated requests. */ function withClientCredentials(tokenUrl, clientId, clientSecret, opt_scope) { const authHeader = 'Basic ' + Utilities.base64Encode([clientId, clientSecret].join(':')); const payload = { grant_type: 'client_credentials', client_id: clientId, client_secret: clientSecret }; const accessToken = authenticate_(tokenUrl, payload, authHeader, opt_scope); return new OAuth2UrlFetchApp(accessToken); } /** * Creates a OAuth2UrlFetchApp object having authenticated with OAuth2 username * and password. * @param {string} tokenUrl The endpoint for use in obtaining the token. * @param {string} clientId The client ID representing the application. * @param {string} username OAuth2 Username * @param {string} password OAuth2 password * @param {string=} opt_scope Space-delimited set of scopes. * @return {!OAuth2UrlFetchApp} The object for making authenticated requests. */ function withPassword(tokenUrl, clientId, username, password, opt_scope) { const payload = { grant_type: 'password', client_id: clientId, username: username, password: password }; const accessToken = authenticate_(tokenUrl, payload, null, opt_scope); return new OAuth2UrlFetchApp(accessToken); } /** * Creates a OAuth2UrlFetchApp object having authenticated as a Service * Account. * Flow details taken from: * https://developers.google.com/identity/protocols/OAuth2ServiceAccount * @param {string} tokenUrl The endpoint for use in obtaining the token. * @param {string} serviceAccount The email address of the Service Account. * @param {string} key The key taken from the downloaded JSON file. * @param {string} scope Space-delimited set of scopes. * @return {!OAuth2UrlFetchApp} The object for making authenticated requests. */ function withServiceAccount(tokenUrl, serviceAccount, key, scope) { const assertionTime = new Date(); const jwtHeader = '{"alg":"RS256","typ":"JWT"}'; const jwtClaimSet = { iss: serviceAccount, scope: scope, aud: tokenUrl, exp: Math.round(assertionTime.getTime() / 1000 + 3600), iat: Math.round(assertionTime.getTime() / 1000) }; const jwtAssertion = Utilities.base64EncodeWebSafe(jwtHeader) + '.' + Utilities.base64EncodeWebSafe(JSON.stringify(jwtClaimSet)); const signature = Utilities.computeRsaSha256Signature(jwtAssertion, key); jwtAssertion += '.' + Utilities.base64Encode(signature); const payload = { grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer', assertion: jwtAssertion }; const accessToken = authenticate_(tokenUrl, payload, null); return new OAuth2UrlFetchApp(accessToken); } scope.OAuth2 = { withRefreshToken: withRefreshToken, withClientCredentials: withClientCredentials, withServiceAccount: withServiceAccount, withPassword: withPassword }; })(this); 如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-08-21。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-21。"],[[["\u003cp\u003eProvides a simplified library for sending OAuth2-authenticated HTTP requests within Google Apps Script.\u003c/p\u003e\n"],["\u003cp\u003eOffers different authentication methods including refresh token, client credentials, service account and password.\u003c/p\u003e\n"],["\u003cp\u003eUses \u003ccode\u003eUrlFetchApp\u003c/code\u003e to perform the actual HTTP requests after obtaining an access token.\u003c/p\u003e\n"],["\u003cp\u003eAbstracts away the complexity of OAuth2 authentication flows for various use cases.\u003c/p\u003e\n"],["\u003cp\u003eReturns an \u003ccode\u003eOAuth2UrlFetchApp\u003c/code\u003e object enabling authorized requests with the access token.\u003c/p\u003e\n"]]],[],null,["Create an object for OAuth2-authorized requests \n\n```gdscript\n/**\n * Simple library for sending OAuth2 authenticated requests.\n * See: https://developers.google.com/google-ads/scripts/docs/features/third-party-apis#oauth_2\n * for full details.\n */\n\n/**\n * Adds a OAuth object, for creating authenticated requests, to the global\n * object.\n */\n(function(scope) {\n /**\n * Creates an object for making authenticated URL fetch requests with a\n * given stored access token.\n * @param {string} accessToken The access token to store and use.\n * @constructor\n */\n function OAuth2UrlFetchApp(accessToken) { this.accessToken_ = accessToken; }\n\n /**\n * Performs an HTTP request for the given URL.\n * @param {string} url The URL to fetch\n * @param {?Object=} options Options as per UrlFetchApp.fetch\n * @return {!HTTPResponse} The HTTP Response object.\n */\n OAuth2UrlFetchApp.prototype.fetch = function(url, opt_options) {\n const fetchOptions = opt_options || {};\n if (!fetchOptions.headers) {\n fetchOptions.headers = {};\n }\n fetchOptions.headers.Authorization = 'Bearer ' + this.accessToken_;\n return UrlFetchApp.fetch(url, fetchOptions);\n };\n\n /**\n * Performs the authentication step\n * @param {string} tokenUrl The endpoint for use in obtaining the token.\n * @param {!Object} payload The authentication payload, typically containing\n * details of the grant type, credentials etc.\n * @param {string=} opt_authHeader Client credential grant also can make use\n * of an Authorisation header, as specified here\n * @param {string=} opt_scope Optional string of spaced-delimited scopes.\n * @return {string} The access token\n */\n function authenticate_(tokenUrl, payload, opt_authHeader, opt_scope) {\n const options = {muteHttpExceptions: true, method: 'POST', payload: payload};\n if (opt_scope) {\n options.payload.scope = opt_scope;\n }\n if (opt_authHeader) {\n options.headers = {Authorization: opt_authHeader};\n }\n const response = UrlFetchApp.fetch(tokenUrl, options);\n const responseData = JSON.parse(response.getContentText());\n if (responseData && responseData.access_token) {\n const accessToken = responseData.access_token;\n } else {\n throw Error('No access token received: ' + response.getContentText());\n }\n return accessToken;\n }\n\n /**\n * Creates a OAuth2UrlFetchApp object having authenticated with a refresh\n * token.\n * @param {string} tokenUrl The endpoint for use in obtaining the token.\n * @param {string} clientId The client ID representing the application.\n * @param {string} clientSecret The client secret.\n * @param {string} refreshToken The refresh token obtained through previous\n * (possibly interactive) authentication.\n * @param {string=} opt_scope Space-delimited set of scopes.\n * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.\n */\n function withRefreshToken(\n tokenUrl, clientId, clientSecret, refreshToken, opt_scope) {\n const payload = {\n grant_type: 'refresh_token',\n client_id: clientId,\n client_secret: clientSecret,\n refresh_token: refreshToken\n };\n const accessToken = authenticate_(tokenUrl, payload, null, opt_scope);\n return new OAuth2UrlFetchApp(accessToken);\n }\n\n /**\n * Creates a OAuth2UrlFetchApp object having authenticated with client\n * credentials.\n * @param {string} tokenUrl The endpoint for use in obtaining the token.\n * @param {string} clientId The client ID representing the application.\n * @param {string} clientSecret The client secret.\n * @param {string=} opt_scope Space-delimited set of scopes.\n * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.\n */\n function withClientCredentials(tokenUrl, clientId, clientSecret, opt_scope) {\n const authHeader =\n 'Basic ' + Utilities.base64Encode([clientId, clientSecret].join(':'));\n const payload = {\n grant_type: 'client_credentials',\n client_id: clientId,\n client_secret: clientSecret\n };\n const accessToken = authenticate_(tokenUrl, payload, authHeader, opt_scope);\n return new OAuth2UrlFetchApp(accessToken);\n }\n\n /**\n * Creates a OAuth2UrlFetchApp object having authenticated with OAuth2 username\n * and password.\n * @param {string} tokenUrl The endpoint for use in obtaining the token.\n * @param {string} clientId The client ID representing the application.\n * @param {string} username OAuth2 Username\n * @param {string} password OAuth2 password\n * @param {string=} opt_scope Space-delimited set of scopes.\n * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.\n */\n function withPassword(tokenUrl, clientId, username, password, opt_scope) {\n const payload = {\n grant_type: 'password',\n client_id: clientId,\n username: username,\n password: password\n };\n const accessToken = authenticate_(tokenUrl, payload, null, opt_scope);\n return new OAuth2UrlFetchApp(accessToken);\n }\n\n /**\n * Creates a OAuth2UrlFetchApp object having authenticated as a Service\n * Account.\n * Flow details taken from:\n * https://developers.google.com/identity/protocols/OAuth2ServiceAccount\n * @param {string} tokenUrl The endpoint for use in obtaining the token.\n * @param {string} serviceAccount The email address of the Service Account.\n * @param {string} key The key taken from the downloaded JSON file.\n * @param {string} scope Space-delimited set of scopes.\n * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.\n */\n function withServiceAccount(tokenUrl, serviceAccount, key, scope) {\n const assertionTime = new Date();\n const jwtHeader = '{\"alg\":\"RS256\",\"typ\":\"JWT\"}';\n const jwtClaimSet = {\n iss: serviceAccount,\n scope: scope,\n aud: tokenUrl,\n exp: Math.round(assertionTime.getTime() / 1000 + 3600),\n iat: Math.round(assertionTime.getTime() / 1000)\n };\n const jwtAssertion = Utilities.base64EncodeWebSafe(jwtHeader) + '.' +\n Utilities.base64EncodeWebSafe(JSON.stringify(jwtClaimSet));\n const signature = Utilities.computeRsaSha256Signature(jwtAssertion, key);\n jwtAssertion += '.' + Utilities.base64Encode(signature);\n const payload = {\n grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',\n assertion: jwtAssertion\n };\n const accessToken = authenticate_(tokenUrl, payload, null);\n return new OAuth2UrlFetchApp(accessToken);\n }\n\n scope.OAuth2 = {\n withRefreshToken: withRefreshToken,\n withClientCredentials: withClientCredentials,\n withServiceAccount: withServiceAccount,\n withPassword: withPassword\n };\n})(this);\n```"]]
