谷歌日历403禁止PHP服务器到服务器通信

1 回答

• 2

  您可能希望最终确定要实施的身份验证：用户需要登录才能执行/请求Google服务或将域范围的权限委派给服务帐户 .

  如果您将使用OAuth 2.0：

  您的应用程序必须使用OAuth 2.0来授权请求 .

  Sample Code from Google：

  <?php
  require_once __DIR__ . '/vendor/autoload.php';
  
  
  define('APPLICATION_NAME', 'Google Calendar API PHP Quickstart');
  define('CREDENTIALS_PATH', '~/.credentials/calendar-php-quickstart.json');
  define('CLIENT_SECRET_PATH', __DIR__ . '/client_secret.json');
  // If modifying these scopes, delete your previously saved credentials
  // at ~/.credentials/calendar-php-quickstart.json
  define('SCOPES', implode(' ', array(
    Google_Service_Calendar::CALENDAR_READONLY)
  ));
  
  if (php_sapi_name() != 'cli') {
    throw new Exception('This application must be run on the command line.');
  }
  
  /**
   * Returns an authorized API client.
   * @return Google_Client the authorized client object
   */
  function getClient() {
    $client = new Google_Client();
    $client->setApplicationName(APPLICATION_NAME);
    $client->setScopes(SCOPES);
    $client->setAuthConfig(CLIENT_SECRET_PATH);
    $client->setAccessType('offline');
  
    // Load previously authorized credentials from a file.
    $credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
    if (file_exists($credentialsPath)) {
      $accessToken = json_decode(file_get_contents($credentialsPath), true);
    } else {
      // Request authorization from the user.
      $authUrl = $client->createAuthUrl();
      printf("Open the following link in your browser:\n%s\n", $authUrl);
      print 'Enter verification code: ';
      $authCode = trim(fgets(STDIN));
  
      // Exchange authorization code for an access token.
      $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
  
      // Store the credentials to disk.
      if(!file_exists(dirname($credentialsPath))) {
        mkdir(dirname($credentialsPath), 0700, true);
      }
      file_put_contents($credentialsPath, json_encode($accessToken));
      printf("Credentials saved to %s\n", $credentialsPath);
    }
    $client->setAccessToken($accessToken);
  
    // Refresh the token if it's expired.
    if ($client->isAccessTokenExpired()) {
      $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
      file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
    }
    return $client;
  }
  
  /**
   * Expands the home directory alias '~' to the full path.
   * @param string $path the path to expand.
   * @return string the expanded path.
   */
  function expandHomeDirectory($path) {
    $homeDirectory = getenv('HOME');
    if (empty($homeDirectory)) {
      $homeDirectory = getenv('HOMEDRIVE') . getenv('HOMEPATH');
    }
    return str_replace('~', realpath($homeDirectory), $path);
  }
  
  // Get the API client and construct the service object.
  $client = getClient();
  $service = new Google_Service_Calendar($client);
  
  // Print the next 10 events on the user's calendar.
  $calendarId = 'primary';
  $optParams = array(
    'maxResults' => 10,
    'orderBy' => 'startTime',
    'singleEvents' => TRUE,
    'timeMin' => date('c'),
  );
  $results = $service->events->listEvents($calendarId, $optParams);
  
  if (count($results->getItems()) == 0) {
    print "No upcoming events found.\n";
  } else {
    print "Upcoming events:\n";
    foreach ($results->getItems() as $event) {
      $start = $event->start->dateTime;
      if (empty($start)) {
        $start = $event->start->date;
      }
      printf("%s (%s)\n", $event->getSummary(), $start);
    }
  }
  

  如果您将使用Google Apps域范围的授权：

  授权服务帐户代表域中的用户访问数据有时被称为“将域范围授权”委托给服务帐户 .

  来自SO post的示例代码：

  function calendarize ($title, $desc, $ev_date, $cal_id) {
  
      session_start();
  
      /************************************************
      Make an API request authenticated with a service
      account.
      ************************************************/
      set_include_path( '../google-api-php-client/src/');
  
      require_once 'Google/Client.php';
      require_once 'Google/Service/Calendar.php';
  
      //obviously, insert your own credentials from the service account in the Google Developer's console
      $client_id = '843319906820-xxxxxxxxxxxxxxxxxxxdcqal54p1he6.apps.googleusercontent.com';
      $service_account_name = '843319906820-xxxxxxxxxxxxxxxxxxxdcqal54p1he6@developer.gserviceaccount.com';
      $key_file_location = '../google-api-php-client/calendar-xxxxxxxxxxxx.p12';
  
      if (!strlen($service_account_name) || !strlen($key_file_location))
          echo missingServiceAccountDetailsWarning();
  
      $client = new Google_Client();
      $client->setApplicationName("Whatever the name of your app is");
  
      if (isset($_SESSION['service_token'])) {
          $client->setAccessToken($_SESSION['service_token']);
      }
  
      $key = file_get_contents($key_file_location);
      $cred = new Google_Auth_AssertionCredentials(
          $service_account_name, 
          array('https://www.googleapis.com/auth/calendar'), 
          $key
      );
      $client->setAssertionCredentials($cred);
      if($client->getAuth()->isAccessTokenExpired()) {
          $client->getAuth()->refreshTokenWithAssertion($cred);
      }
      $_SESSION['service_token'] = $client->getAccessToken();
  
      $calendarService = new Google_Service_Calendar($client);
      $calendarList = $calendarService->calendarList;
  
      //Set the Event data
      $event = new Google_Service_Calendar_Event();
      $event->setSummary($title);
      $event->setDescription($desc);
  
      $start = new Google_Service_Calendar_EventDateTime();
      $start->setDateTime($ev_date);
      $event->setStart($start);
  
      $end = new Google_Service_Calendar_EventDateTime();
      $end->setDateTime($ev_date);
      $event->setEnd($end);
  
      $createdEvent = $calendarService->events->insert($cal_id, $event);
  
      echo $createdEvent->getId();
  } 
  
  ?>
  

  Note ：如果您打算只使用一个日历，我建议您使用服务帐户，然后将您的日历共享到该帐户，以避免403：Forbidden，如相关SO post所述

  希望这可以帮助 .

  回复于 2024-04-30T12:07:10+08:00