Google Play Android Developer API 401权限不足

I'm using Google Play Android Developer API to server to server check subscription status of our users' subscriptions but after successful authorization and asking for an existing subscription I get the 401 response with the following message 'The current user has insufficient permissions to perform the requsted operation'. Visiting https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=XXXXXX I can see that I do have the requested scope (https://www.googleapis.com/auth/androidpublisher) but I still get the same response everytime. Did anyone else have the same problem?

我正在使用Google Play Android Developer API来服务器检查用户订阅的订阅状态,但在成功授权并要求现有订阅后,我收到401响应,并显示以下消息:“当前用户没有足够的权限执行需要操作'。访问https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=XXXXXX我可以看到我确实有请求的范围(https://www.googleapis.com/auth/androidpublisher)但我仍然得到每次都有相同的反应。有没有其他人有同样的问题?

Edit: I've seen what the Explore API app does, it adds the key in the query string of a request but I don't have that value. In the console I've created a Service Account Client Id which has a client id, email address and a private key but there is no API key which apparently Explore API uses.

编辑:我已经看到了Explore API应用程序的功能,它在请求的查询字符串中添加了键,但我没有该值。在控制台中,我创建了一个服务帐户客户端ID,它具有客户端ID,电子邮件地址和私钥,但没有显示探索API使用的API密钥。

Edit no. 2: I've added the service account generated email both to Google Play Developer Console and Google Wallet console but I still have no acces. I'm using nodejs and the google-oauth-jwt because there is not google provided lib for nodejs.

编辑号2:我已将服务帐户生成的电子邮件添加到Google Play开发者控制台和Google电子钱包控制台,但我仍无法访问。我正在使用nodejs和google-oauth-jwt,因为没有谷歌为nodejs提供lib。

Here is the code I'm using to make a request:

这是我用来发出请求的代码:

var request = require('google-oauth-jwt').requestWithJWT();

function makeReq() {
    request({
        url: 'https://www.googleapis.com/androidpublisher/v1.1/applications/{packageName}/subscriptions/{subscriptionId}/purchases/{purchaseToken}',
        jwt: {
            // use the email address of the service account, as seen in the API console
            email: 'blahblahtrutjtrutj@developer.gserviceaccount.com',
            // use the PEM file we generated from the downloaded key
            keyFile: 'purchases-test.pem',
            // specify the scopes you wish to access
            scopes: ['https://www.googleapis.com/auth/androidpublisher']
        }
    }, function (err, res, body) {
        if (err) {
            console.log(err);
        } else {
            console.log("BODY IS ------------------------------------------");
            console.log(JSON.parse(body));
        }
    });
}

1 个解决方案

#1

There is an email address associated with your service account.

有一个与您的服务帐户关联的电子邮件地址。

This needs to have appropriate permissions in both the dev console AND the Play store. Make sure to add the service address to the Play store.

这需要在开发控制台和Play商店中具有适当的权限。确保将服务地址添加到Play商店。

The way I approached it was to use

我接近它的方式是使用

var googleAuth = require('google-oauth-jwt'),
    authObject = {
        email: 'blahblahtrutjtrutj@developer.gserviceaccount.com',
        keyFile: 'purchases-test.pem',
        scopes: ['https://www.googleapis.com/auth/androidpublisher']
    };

googleAuth.authenticate(authObject, function (err, token) {
    next(err, token);
});

I store the token in redis for an hour and use that token to make my request to the store:

我将令牌存储在redis中一小时,然后使用该令牌向商店发出请求:

var opts = {
    url : verifyUrl + payload.packageName + '/inapp/' + payload.productId + '/purchases/' + payload.token,
    headers: {
        authorization : 'Bearer ' + token
    }
};

request.get(opts, function (error, response, body) {
    next(error, response, body);
});

#1