问题
I am trying to automate the GoogleAuth
process when using the pydrive
library (https://pypi.python.org/pypi/PyDrive).
I've set up the pydrive and the google API such that my secret_client.json
works but it requires web authentication for gdrive access every time i run my script:
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
gauth = GoogleAuth()
gauth.LocalWebserverAuth()
drive = GoogleDrive(gauth)
textfile = drive.CreateFile()
textfile.SetContentFile('eng.txt')
textfile.Upload()
print textfile
drive.CreateFile({'id':textfile['id']}).GetContentFile('eng-dl.txt')
eng.txt
is just a textfile. Moreover when I try to use the above script while I am logged into another account. It doesn't upload the eng.txt
into my gdrive that generated the secret_client.json
but the account that was logged in when I authorize the authentication
From the previous post, I've tried the following to automate the verification process but it's giving error messages:
import base64, httplib2
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
#gauth = GoogleAuth()
#gauth.LocalWebserverAuth()
# from google API console - convert private key to base64 or load from file
id = "464269119984-j3oh4aj7pd80mjae2sghnua3thaigugu.apps.googleusercontent.com"
key = base64.b64decode('COaV9QUlO1OdqtjMiUS6xEI8')
credentials = SignedJwtAssertionCredentials(id, key, scope='https://www.googleapis.com/auth/drive')
credentials.authorize(httplib2.Http())
gauth = GoogleAuth()
gauth.credentials = credentials
drive = GoogleDrive(gauth)
drive = GoogleDrive(gauth)
textfile = drive.CreateFile()
textfile.SetContentFile('eng.txt')
textfile.Upload()
print textfile
drive.CreateFile({'id':textfile['id']}).GetContentFile('eng-dl.txt')
Error:
Traceback (most recent call last):
File "/home/alvas/git/SeedLing/cloudwiki.py", line 29, in <module>
textfile.Upload()
File "/usr/local/lib/python2.7/dist-packages/pydrive/files.py", line 216, in Upload
self._FilesInsert(param=param)
File "/usr/local/lib/python2.7/dist-packages/pydrive/auth.py", line 53, in _decorated
self.auth.Authorize()
File "/usr/local/lib/python2.7/dist-packages/pydrive/auth.py", line 422, in Authorize
self.service = build('drive', 'v2', http=self.http)
File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/apiclient/discovery.py", line 192, in build
resp, content = http.request(requested_url)
File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/oauth2client/client.py", line 475, in new_request
self._refresh(request_orig)
File "/usr/local/lib/python2.7/dist-packages/oauth2client/client.py", line 653, in _refresh
self._do_refresh_request(http_request)
File "/usr/local/lib/python2.7/dist-packages/oauth2client/client.py", line 677, in _do_refresh_request
body = self._generate_refresh_request_body()
File "/usr/local/lib/python2.7/dist-packages/oauth2client/client.py", line 861, in _generate_refresh_request_body
assertion = self._generate_assertion()
File "/usr/local/lib/python2.7/dist-packages/oauth2client/client.py", line 977, in _generate_assertion
private_key, self.private_key_password), payload)
File "/usr/local/lib/python2.7/dist-packages/oauth2client/crypt.py", line 131, in from_string
pkey = crypto.load_pkcs12(key, password).get_privatekey()
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_get_object', 'header too long')]
My authentication on gdrive api looks like this:
How could I use pydrive such that I do not need to authenticate everytime I use it?
How to allow automatic authentication such that the python script using the pydrive script will only upload to the account that generated the secret_client.json
and not the currently logged on account on the internet browser?
回答1:
First, you're misunderstanding one very important bit of how this works:
when I try to use the above script while I am logged into another account. It doesn't upload the eng.txt into my gdrive that generated the secret_client.json but the account that was logged in when I authorize the authentication
This is exactly how it's supposed to work. You, as the developer, distribute client_secret.json
with your application, and that file is used by PyDrive to authenticate the application with Google. Google wants to know how many API requests are being made by each application out there for all sorts of reasons (metrics, charge the account, revoke access, etc.), so it requires the application to authenticate itself.
Now, when your application runs LocalWebserverAuth
, it's authenticating the client with Google. The client, of course, is the person actually using your application. In this case, the developer and client are the same person (you), but imagine your want to distribute your application to a million different people. They need to be able to authenticate themselves and upload files to their own Drive account, rather that having them all end up in yours (the developer), who provided client_secret.json
.
That said, it's really just a very minor change to make it so your app doesn't have to ask the client to authenticate every time you run the app. You just need to use LoadCredentialsFile and SaveCredentialsFile.
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
gauth = GoogleAuth()
# Try to load saved client credentials
gauth.LoadCredentialsFile("mycreds.txt")
if gauth.credentials is None:
# Authenticate if they're not there
gauth.LocalWebserverAuth()
elif gauth.access_token_expired:
# Refresh them if expired
gauth.Refresh()
else:
# Initialize the saved creds
gauth.Authorize()
# Save the current credentials to a file
gauth.SaveCredentialsFile("mycreds.txt")
drive = GoogleDrive(gauth)
textfile = drive.CreateFile()
textfile.SetContentFile('eng.txt')
textfile.Upload()
print textfile
drive.CreateFile({'id':textfile['id']}).GetContentFile('eng-dl.txt')
回答2:
An alternative way is to use a custom auth flow by writing a setting.yaml file into the working directory. And this method works better as LocalWebserverAuth()
will generate a token that expires in just one hour and there is no refresh token.
A sample settings.yaml file looks like this
client_config_backend: file
client_config:
client_id: <your_client_id>
client_secret: <your_secret>
save_credentials: True
save_credentials_backend: file
save_credentials_file: credentials.json
get_refresh_token: True
oauth_scope:
- https://www.googleapis.com/auth/drive
- https://www.googleapis.com/auth/drive.install
With this file, you still have to use a browser to complete authentication for the first time, and after that a credentials.json file will be generated in the working directory with a refresh token.
This method works better if you are trying to automate your script on server
回答3:
This whole thread helped me a lot, but after I implemented all the solutions presented here one more issue came along: LocalWebserverAuth() won't get the refresh token.
If you open the "mycreds.txt" generated after you implement @dano's code, you'll see that the "refresh token" will be set to "null". After a couple of hours, the token expires and you get the following and end up having to manually authenticate again.
The error:
raise RefreshError('No refresh_token found.') pydrive.auth.RefreshError: No refresh_token found.Please set access_type of OAuth to offline.
The solution for that is to force the approval_promt and set access_type to offline on the flow params of the GoogleAuth.
Here's how I got no more errors:
gauth = GoogleAuth()
# Try to load saved client credentials
gauth.LoadCredentialsFile("mycreds.txt")
if gauth.credentials is None:
# Authenticate if they're not there
# This is what solved the issues:
gauth.GetFlow()
gauth.flow.params.update({'access_type': 'offline'})
gauth.flow.params.update({'approval_prompt': 'force'})
gauth.LocalWebserverAuth()
elif gauth.access_token_expired:
# Refresh them if expired
gauth.Refresh()
else:
# Initialize the saved creds
gauth.Authorize()
# Save the current credentials to a file
gauth.SaveCredentialsFile("mycreds.txt")
drive = GoogleDrive(gauth)
Thank you all!
回答4:
This is just to complete @wang892 post above (I have not enough reputation to comment).
That answer helped me to automate my script (not having to reauthenticate each time I run it).
But as I used the sample settings.yaml file available in PyDrive documentation, I ran into problems (due to my complete ignorance about how oauth works).
That sample file contains these lines, which I think were limiting my PyDrive script to access only to files and folders created by itself (see PyDrive issue #122 for details):
Limited access:
oauth_scope:
- https://www.googleapis.com/auth/drive.file
- https://www.googleapis.com/auth/drive.install
When I changed those lines the problem was solved (I had to remove my stored credentials and ran the script to reauthorise it, just once again).
With these new lines my script has now access to all files in my Google Drive:
Full access:
oauth_scope:
- https://www.googleapis.com/auth/drive
A bit more about this in PyDrive issue #108, which enlighted me a lot.
回答5:
If the credentials are not in place, this code generates an input box with two options:
Browser authentication(which you need to do just once)
Upload of the credentials file (this file will be generated the fist time you choose for Browser authentication
Now it is easy to share the notebook, which will just run without asking for authorization, since it will be using the credentials saved in the mycreds.txt from the local environment. However, if the runtime crashes or is reset, that file will be lost and it need to be inserted again via the input box above. Of course you can do this again via the Browser authentication, but if you redistribute the mycreds.txt to the people that are using the notebook, they can use the Upload function to insert the credentials to the local environment.
The final few lines just provide an example of how a csv file from the authenticated drive can be uploaded and used in the notebook.
#Install the required packages and fix access to my Google drive account
!pip install pydrive
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
from google.colab import auth
from oauth2client.client import GoogleCredentials
#Checks for file with Google authentication key, if the file is not in place, it asks to authenticate via the browser
gauth = GoogleAuth()
if os.path.isfile("mycreds.txt") is False:
choice = input ("Do you want to: U) Upload authentication file (mycreds.txt). B) Browser authentication (only possible for owner of the connected Google drive folder). [U/B]? : ")
if choice == "U":
print ("Upload the mycreds.txt file")
from google.colab import files
files.upload()
elif choice == "B":
auth.authenticate_user()
gauth.credentials = GoogleCredentials.get_application_default()
gauth.SaveCredentialsFile("mycreds.txt")
gauth.LoadCredentialsFile("mycreds.txt")
if gauth.access_token_expired:
gauth.Refresh()
else: gauth.Authorize()
#Now you can easily use the files from your drive by using their ID
drive = GoogleDrive(gauth)
download = drive.CreateFile({'id': '1KRqYpR9cteX-ZIwhdfghju6_wALl4'})
download.GetContentFile('my_data.csv')
data_frame = pd.read_csv('my_data.csv')
来源:https://stackoverflow.com/questions/24419188/automating-pydrive-verification-process