Using the Google.Apis.Analytics.v3 library in .NET, I am doing an OAuth2 authentication to the Google Analytics API, like this:
```csharp
using System.Threading;
using Google.Apis.Analytics.v3;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;

string[] scopes = new string[] {
    AnalyticsService.Scope.Analytics,            // view and manage your analytics data
    AnalyticsService.Scope.AnalyticsEdit,        // edit management entities
    AnalyticsService.Scope.AnalyticsManageUsers, // manage users
    AnalyticsService.Scope.AnalyticsReadonly };  // view analytics data

// DatabaseDataStore is the poster's own IDataStore implementation.
UserCredential credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
    new ClientSecrets { ClientId = clientId, ClientSecret = clientSecret },
    scopes,
    userName,
    CancellationToken.None,
    new DatabaseDataStore("Analytics")).Result;

AnalyticsService service = new AnalyticsService(new BaseClientService.Initializer()
{
    HttpClientInitializer = credential,
    ApplicationName = "Masterpiece"
});
```
The problem with this is that at the end, I don't know if the authentication was successful or not, as I don't see any way of getting any sort of message from this implementation. Normally, this works just fine and I can go on interrogating the API. However, if I revoke the token that I have stored for this username, then this implementation will not tell me that the service was not authenticated, and when I try to interrogate the API afterwards I get an error.
How in the world should I verify if the authentication was done successfully before I start accessing the API methods? If the authentication fails, I want to be able to remove the revoked token from my data store, and try the authentication again, asking for user permission.
1 solution
#1
There are actually a few things that can go wrong that you should consider.
- The user could click accept. Good, no problem here: you can check credential.Token.AccessToken to see that you got an access token back and can access the API.
- The user does not click accept but clicks cancel instead. In this instance an exception is thrown. That is why your code above should probably be in a try catch. [System.AggregateException] InnerException = {"Error:\"access_denied\", Description:\"\", Uri:\"\""}
- Third option is that the user does nothing, in which case your code will hang waiting for the result from the user. (Bug report: still working on a solution for this one)
Now your worry is that if you delete the user in your DatabaseDataStore what will happen. Well what should happen is the same as if there is a new user. If your code in DatabaseDataStore is correct the system will detect that it doesn't have this user and will prompt the user again for authentication. The client library should do this for you, or rather DatabaseDataStore should. I recommend testing around with user and FileDataStore to see how it works. If yours is not currently prompting for new authentication when you delete a user from the system then there is something wrong with your DatabaseDataStore.
Recommendations.
- Don't request all those scopes; only request what you need.
- Put your code in a try catch. In the event you don't get authentication it's going to throw an error and you will need to catch it.
- Test on AccessToken if you are really worried about it.
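The three recommendations combined into one helper, as an added example that is not part of the original answer. `AnalyticsAuth` and `AuthorizeVerifiedAsync` are hypothetical names, and the code assumes a revoked grant surfaces as a `TokenResponseException` with error `invalid_grant` on refresh:

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Google.Apis.Analytics.v3;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Util.Store;

public static class AnalyticsAuth
{
    // Hypothetical helper: returns a credential whose token was just confirmed
    // by Google, or null when the user denied consent.
    public static async Task<UserCredential> AuthorizeVerifiedAsync(
        string clientId, string clientSecret, string userName,
        IDataStore store, CancellationToken ct)
    {
        var secrets = new ClientSecrets { ClientId = clientId, ClientSecret = clientSecret };
        // Least privilege: request only the scope the application needs.
        string[] scopes = { AnalyticsService.Scope.AnalyticsReadonly };

        try
        {
            UserCredential credential = await GoogleWebAuthorizationBroker
                .AuthorizeAsync(secrets, scopes, userName, ct, store);
            try
            {
                // A stored token loads without any network call, so force a
                // refresh to learn whether Google still honours it.
                await credential.RefreshTokenAsync(ct);
            }
            catch (TokenResponseException ex) when (ex.Error?.Error == "invalid_grant")
            {
                // Assumed error code for a revoked grant: drop the stale entry
                // from the data store and prompt the user again.
                await credential.Flow.DeleteTokenAsync(userName, ct);
                credential = await GoogleWebAuthorizationBroker
                    .AuthorizeAsync(secrets, scopes, userName, ct, store);
            }
            if (string.IsNullOrEmpty(credential.Token?.AccessToken))
                throw new InvalidOperationException("No access token was issued.");
            return credential;
        }
        catch (TokenResponseException ex) when (ex.Error?.Error == "access_denied")
        {
            return null; // user clicked cancel on the consent screen
        }
    }
}
```

Because the helper uses `await` instead of `.Result`, the `TokenResponseException` arrives directly rather than wrapped in the `AggregateException` shown in the answer.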