带有OAuth2的YouTube API v3:更新和删除失败并显示“权限不足”错误

时间:2020-11-25 15:19:25

I am trying to update and delete videos using the YouTube API v3 with OAuth2 for authentication via the google-api-client (0.6.4) Ruby gem. However, when I attempt to execute either of these two actions, I see the following error message:

我正在尝试使用带有OAuth2的YouTube API v3更新和删除视频,以便通过google-api-client(0.6.4)Ruby gem进行身份验证。但是,当我尝试执行这两个操作中的任何一个时,我看到以下错误消息:

Google::APIClient::ClientError: Insufficient Permission

Here's the odd thing: Using the exact same authentication procedure as with update and delete, I can insert (upload) successfully, no problem! So, I do not believe this is a problem with my authentication setup, but somewhere else in my code.

这是奇怪的事情:使用与更新和删除完全相同的身份验证过程,我可以成功插入(上传),没问题!所以,我不相信这是我的身份验证设置的问题,但我的代码中的其他地方。

My read-write scope is always the same across any of these actions:

我的读写范围在以下任何操作中始终相同:

https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/youtube.upload

And according to the API documentation, that space-delimited set of scopes should cover insert, update and delete actions.

根据API文档,该空格分隔的范围集应涵盖插入,更新和删除操作。

My client_id, client_secret, refresh_token are always the same for all these actions too -- so, that can't be the problem either, can it? Note that my program automatically obtains a new access_token when it expires, so, again, I do not believe that is where the problem lies.

对于所有这些操作,我的client_id,client_secret,refresh_token总是相同的 - 所以,这也不是问题,可以吗?请注意,我的程序在到期时会自动获取新的access_token,因此,我不相信这就是问题所在。

To compare, here is what my insert (upload) code looks like (this works):

为了比较,这是我的插入(上传)代码的样子(这是有效的):

# Auth stuff, then...
@client.execute!(
  :api_method => @youtube.videos.insert,
  :body_object => body,
  :media => Google::APIClient::UploadIO.new(file_path, 'video/*'),
  :parameters => {
    'uploadType' => 'multipart',
    :part => body.keys.join(','),
  }
)

And here is what my delete code looks like (this fails):

这是我的删除代码看起来像(这失败):

# Auth stuff, then...
@client.execute!(
  :api_method => @youtube.videos.delete,
  :parameters => {
    'id' => youtube_id,
  }
)

What am I missing? Unfortunately, the YouTube API documentation for delete does not provide any examples, so I've got nothing to compare against. Please let me know if there is further information that I can provide to make my question clearer.

我错过了什么?不幸的是,用于删除的YouTube API文档没有提供任何示例,因此我没有什么可比较的。如果我能提供更多信息以便让我的问题更清楚,请告诉我。

1 个解决方案

#1


13  

I'm fairly sure all 11 views of this question (as of this writing) are me, but I'm going to post an answer just in case it helps someone in the future:

我相当肯定这个问题的所有11个观点(截至本文撰写时)都是我,但我会发布一个答案,以防它在将来帮助某人:

There was no problem with my code itself. The problem was when I initially created my refresh_token for this account.

我的代码本身没有问题。问题是我最初为此帐户创建了refresh_token。

For the uninitiated, the YouTube Data API (v3) does not support "service accounts," which, elsewhere in the Google API ecosystem, are the way you would normally accomplish setting up an OAuth2 auth'd client when the only client is yourself. The workaround is something you have to do by hand. Take the steps below:

对于初学者,YouTube数据API(v3)不支持“服务帐户”,在Google API生态系统的其他位置,这是您通常在唯一客户自己时设置OAuth2身份验证客户端的方式。解决方法是您必须手动完成的。采取以下步骤:


First, go to the Google "API Console." There, under "API Access," you need to "Create a client ID" for an "installed application." This will give you a Client ID, a Client secret and a Redirect URI (you'll want the non-localhost one). Write these down.

首先,转到Google“API控制台”。在“API访问”下,您需要为“已安装的应用程序”创建“客户端ID”。这将为您提供客户端ID,客户端密钥和重定向URI(您将需要非本地主机URI)。写下这些。

Next, you need to manually obtain an authorization code by visiting a URL like the following in your favorite web browser, while logged in to the same account you just created the client ID for:

接下来,您需要通过在您喜欢的Web浏览器中访问如下所示的URL来手动获取授权代码,同时登录到您刚创建客户端ID的同一帐户:

https://accounts.google.com/o/oauth2/auth
  ?client_id={client_id}
  &redirect_uri={redirect_uri}
  &scope={space separated scopes}
  &response_type=code
  &access_type=offline

Of course, you need to enter the client_id, redirect_uri and scope query parameters. In my case, this is where I went wrong. When I did this manual step, I should have put the scope param as:

当然,您需要输入client_id,redirect_uri和范围查询参数。在我的情况下,这是我出错的地方。当我做这个手动步骤时,我应该把范围参数放在:

https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/youtube.upload

But instead I just did https://www.googleapis.com/auth/youtube.upload, which is insufficient to update/delete videos!

但我只是做了https://www.googleapis.com/auth/youtube.upload,这不足以更新/删除视频!

Last, you need to obtain a refresh_token, by taking a URL like this:

最后,您需要获取一个refresh_token,方法是使用以下URL:

https://accounts.google.com/o/oauth2/token
  ?code={authorization_code}
  &client_id={client_id}
  &client_secret={client_secret}
  &redirect_uri={redirect_uri}
  &grant_type=authorization_code

And curl'ing it with a command like:

用以下命令来卷曲它:

$ curl https://accounts.google.com/o/oauth2/token -d "code=..."

This will return a JSON response that contains your refresh_token, which you then use when authorizing your request programmatically through the Google API.

这将返回包含您的refresh_token的JSON响应,然后您在通过Google API以编程方式授权您的请求时使用该响应。

#1


13  

I'm fairly sure all 11 views of this question (as of this writing) are me, but I'm going to post an answer just in case it helps someone in the future:

我相当肯定这个问题的所有11个观点(截至本文撰写时)都是我,但我会发布一个答案,以防它在将来帮助某人:

There was no problem with my code itself. The problem was when I initially created my refresh_token for this account.

我的代码本身没有问题。问题是我最初为此帐户创建了refresh_token。

For the uninitiated, the YouTube Data API (v3) does not support "service accounts," which, elsewhere in the Google API ecosystem, are the way you would normally accomplish setting up an OAuth2 auth'd client when the only client is yourself. The workaround is something you have to do by hand. Take the steps below:

对于初学者,YouTube数据API(v3)不支持“服务帐户”,在Google API生态系统的其他位置,这是您通常在唯一客户自己时设置OAuth2身份验证客户端的方式。解决方法是您必须手动完成的。采取以下步骤:


First, go to the Google "API Console." There, under "API Access," you need to "Create a client ID" for an "installed application." This will give you a Client ID, a Client secret and a Redirect URI (you'll want the non-localhost one). Write these down.

首先,转到Google“API控制台”。在“API访问”下,您需要为“已安装的应用程序”创建“客户端ID”。这将为您提供客户端ID,客户端密钥和重定向URI(您将需要非本地主机URI)。写下这些。

Next, you need to manually obtain an authorization code by visiting a URL like the following in your favorite web browser, while logged in to the same account you just created the client ID for:

接下来,您需要通过在您喜欢的Web浏览器中访问如下所示的URL来手动获取授权代码,同时登录到您刚创建客户端ID的同一帐户:

https://accounts.google.com/o/oauth2/auth
  ?client_id={client_id}
  &redirect_uri={redirect_uri}
  &scope={space separated scopes}
  &response_type=code
  &access_type=offline

Of course, you need to enter the client_id, redirect_uri and scope query parameters. In my case, this is where I went wrong. When I did this manual step, I should have put the scope param as:

当然,您需要输入client_id,redirect_uri和范围查询参数。在我的情况下,这是我出错的地方。当我做这个手动步骤时,我应该把范围参数放在:

https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/youtube.upload

But instead I just did https://www.googleapis.com/auth/youtube.upload, which is insufficient to update/delete videos!

但我只是做了https://www.googleapis.com/auth/youtube.upload,这不足以更新/删除视频!

Last, you need to obtain a refresh_token, by taking a URL like this:

最后,您需要获取一个refresh_token,方法是使用以下URL:

https://accounts.google.com/o/oauth2/token
  ?code={authorization_code}
  &client_id={client_id}
  &client_secret={client_secret}
  &redirect_uri={redirect_uri}
  &grant_type=authorization_code

And curl'ing it with a command like:

用以下命令来卷曲它:

$ curl https://accounts.google.com/o/oauth2/token -d "code=..."

This will return a JSON response that contains your refresh_token, which you then use when authorizing your request programmatically through the Google API.

这将返回包含您的refresh_token的JSON响应,然后您在通过Google API以编程方式授权您的请求时使用该响应。