是否可以使用 json 密钥而不是 p12 密钥作为服务帐户凭据？

Question

我在 C# 中使用“Google.Apis.Bigquery.v2 客户端库”。

我正在使用“服务帐户”授权 Google BigQuery（请参阅 http://www.afterlogic.com/mailbee-net/docs/OAuth2GoogleServiceAccounts.html）。要创建 X509 证书，我使用 Google Developers Console 中的 p12 密钥。但是，现在 json 键是默认值。我可以用它代替 p12 键吗？

我有以下代码：

    string serviceAccountEmail = "xxxx@developer.gserviceaccount.com";

X509Certificate2 certificate;
using (Stream stream = new FileStream(@"C:\key.p12", FileMode.Open, FileAccess.Read, FileShare.Read))
{
    using (MemoryStream ms = new MemoryStream())
    {
        stream.CopyTo(ms);
        certificate = new X509Certificate2(ms.ToArray(), "notasecret", X509KeyStorageFlags.Exportable);
    }
}

// Create credentials
ServiceAccountCredential credential = new ServiceAccountCredential(
    new ServiceAccountCredential.Initializer(serviceAccountEmail)
    {
        Scopes = new[] {
        BigqueryService.Scope.Bigquery,
        BigqueryService.Scope.CloudPlatform,
    },
    }.FromCertificate(certificate));

// Create the service
BaseClientService.Initializer initializer = new BaseClientService.Initializer()
{
    HttpClientInitializer = credential,
    ApplicationName = "My Application",
    GZipEnabled = true,
};

BigqueryService service = new BigqueryService(initializer);
var projects = service.Projects.List().Execute();

Answer 1

现在可以了（我使用了 v 1.13.1.0 的 Google API）。

BigQuery 示例：

GoogleCredential credential;
using (Stream stream = new FileStream(@"C:\mykey.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
    credential = GoogleCredential.FromStream(stream);
}

string[] scopes = new string[] {
    BigqueryService.Scope.Bigquery,
    BigqueryService.Scope.CloudPlatform, 
};
credential = credential.CreateScoped(scopes);

BaseClientService.Initializer initializer = new BaseClientService.Initializer()
{
    HttpClientInitializer = (IConfigurableHttpClientInitializer)credential,
    ApplicationName = "My Application",
    GZipEnabled = true,
};
BigqueryService service = new BigqueryService(initializer);

Google 表格示例：

GoogleCredential credential;
using (Stream stream = new FileStream(@"mykey.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
    credential = GoogleCredential.FromStream(stream);
}
credential = credential.CreateScoped(new[] { 
    "https://spreadsheets.google.com/feeds", 
    "https://docs.google.com/feeds" });

string bearer;
try
{
    Task<string> task = ((ITokenAccess)credential).GetAccessTokenForRequestAsync();
    task.Wait();
    bearer = task.Result;
}
catch (AggregateException ex)
{
    throw ex.InnerException;
}

GDataRequestFactory requestFactory = new GDataRequestFactory("My Application");
requestFactory.CustomHeaders.Add(string.Format(CultureInfo.InvariantCulture, "Authorization: Bearer {0}", bearer));

SpreadsheetsService service = new SpreadsheetsService("My Application");
service.RequestFactory = requestFactory;

Answer 2

我得到了链接，这表明在 C# 应用程序中使用 JSON 文件的服务帐户身份验证尚未添加到 Google BigQuery API 中。

https://github.com/google/google-api-dotnet-client/issues/533

Answer 3

这对我有用：

var scopes = new[] { DriveService.Scope.Drive };

ServiceAccountCredential credential;
using (Stream stream = new FileStream(@"C:\path\key.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
    credential =
        GoogleCredential.FromStream(stream).CreateScoped(scopes).UnderlyingCredential as
            ServiceAccountCredential;
}

显然，您将为scopes 变量和密钥文件的路径提供您自己的值。您还需要获取Google.Apis.Auth.OAuth2 Nuget 包以及您计划使用该凭据的任何其他特定于服务的包（在我的情况下是Google.Apis.Drive.v3）。