ChatGPT解决这个技术问题 Extra ChatGPT

Service Applications and Google Analytics API V3: Server-to-server OAuth2 authentication?

I'm trying to make a server application to routinely pull Google Analytics data from my own GA account. Note, it is a personal, server-side application accessing my own data, i.e. there is no end-user accessing this application.

As such, I registered my application in the Google API Console as a Service Application, which gave me a Client ID and a Private Key. It is my understanding that Service Applications do NOT use Application Secret and Redirect URL as there is no end-user in this server-to-server authentication flow. Indeed, the Google API Console gave me no Secret and did not prompt me for a Redirect URL.

Unfortunately, I can not figure out how to authenticate my Service Application within Google's PHP Client API. There is extensive documentation on authenticating web applications with an end-user.

Google's documentation suggests it is possible to authenticate server-to-server by signing a JWT request with the private key. I just can't figure out how to do within the PHP client API (although I've browsed the source and there's definitely a script that signs a request with the private key.)

Am I missing something here? How can I perform authentication for a Service Application with my private key and the Google PHP client API?

Edited for clarity

m
moon prism power

UPDATE July 21st, 2012

Google Analytics API V3 now supports OAuth2 tokens returned by a .p12-signed JWT request. That is, we can now use the Analytics API w/ service accounts.

Currently pulling 4 years of day-by-day metrics, just for the hell of it.

Here's a quick 'n' dirty step-by-step:

Go to the Google API Console and create a new app In the Services tab, flip the Google Analytics switch In the API Access tab, click Create an OAuth2.0 Client ID enter your name, upload a logo, and click Next select the Service account option and press Create client ID download your private key Now you're back on the API Access page. You'll see a section called Service account with a Client ID and Email address Copy the email address (something like ####@developer.gserviceaccount.com) Visit your GA Admin and add this email as a user to your properties This is a must; you'll get cryptic errors otherwise. Get the latest Google PHP Client API via Github git submodule add https://github.com/google/google-api-php-client.git google-api-php-client-read-only Rock 'n' roll (thanks all for tips on updated class names): // api dependencies require_once(PATH_TO_API . 'Google/Client.php'); require_once(PATH_TO_API . 'Google/Service/Analytics.php'); // create client object and set app name $client = new Google_Client(); $client->setApplicationName(APP_NAME); // name of your app // set assertion credentials $client->setAssertionCredentials( new Google_Auth_AssertionCredentials( APP_EMAIL, // email you added to GA array('https://www.googleapis.com/auth/analytics.readonly'), file_get_contents(PATH_TO_PRIVATE_KEY_FILE) // keyfile you downloaded )); // other settings $client->setClientId(CLIENT_ID); // from API console $client->setAccessType('offline_access'); // this may be unnecessary? // create service and get data $service = new Google_Service_Analytics($client); $service->data_ga->get($ids, $startDate, $endDate, $metrics, $optParams);

original workaround below

It seems that, despite ambiguous documentation, most Google APIs do not support service accounts yet, including Google Analytics. They cannot digest OAuth2 tokens returned by a .p12 signed JWT request. So, as of right now, you cannot use Google Analytics API V3 with a service account. Workaround: In the Google API console, create a client application. Follow the steps in the Google PHP Client API examples to generate a client_auth_url using your client_id, client_secret, and redirect_uri Login to Google using cURL. (Be sure to use a cookie file!) Open the client_auth_url in cURL and complete the form. Make sure you set curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); and curl_setopt($ch, CURLOPT_HEADER, 1); as the authorization_code will be in the Location: header of the response. Using your client_id, client_secret, redirect_uri, and the activation code from Step 4, post a request to the Google's OAuth2 Token machine. Make sure you include grant_type = "authorization_code" in your post fields. Hurray, you now have a refresh_token that never expires, and a working access_token! Post a request to the Google's OAuth2 Token machine with your client_id, client_secret, redirect_uri, and refresh_token when your access_token expires and you'll get a new one.

@dubbe After clicking the link above, choose an account, go to the Users tab, and press the New User button.
In the version I just got off SVN, some things have changed. apiClient() -> Google_Client(), apiAssertionCredentials -> Google_AssertionCredentials, apiAnalyticsService -> Google_AnalyticsService.. Basically, 'api...' now is 'Google_...'. (Same for the includes)
@rkarbowski thank you for the original answer - helped me too ;)
Thank You so much! I would have lost a lot of time and probably given up if it hadn't been for your post and especially the update. I started with the "Hello Analytics API" tutorial (developers.google.com/analytics/solutions/articles/…) and I re-used some of their code. For those who do, don't forget to set $client->setUseObjects(true); @rkarbowski I owe you a beer ;) Next time you're in Paris!
@rohan-patel Add require_once 'path/to/src/Google/autoload.php';.
C
Chirag Shah

The Google API PHP Client now supports service accounts on trunk.

The implementation hasn't been released yet, so you'll need to checkout the latest version of the PHP client.

I've prepared a sample application that demonstrates how you can use service accounts to hit the Google Prediction API. To view the example, take a peek at examples/prediction/serviceAccount.php or visit: http://code.google.com/p/google-api-php-client/source/browse/trunk/examples/prediction/serviceAccount.php

Chirag, I had to un-accept your answer as further research reveals that most Google APIs do not support service accounts yet. Using an OAuth2 access token from a .P12 signed JWT results in a forbidden error from the Analytics API.
j
jk.

If you are using Google's PHP client API then go to the Google API Console and click on API Access on the left.

Then Create a Client ID. That will give you the secret and it is where you set your redirect URL. It won't give you a redirect URL - that is the URL the app sends the user back to after authenticating.

There are other authentication methods you can look at.

Thanks for the response. As stated previously, I'm using my app as what Google describes as a service account, i.e. there is no end used involved. When I set up my application as such in the Google API Console, no secret was generated, and there was no prompt for me to enter redirect URL. That makes sense; there is no end-user in this application flow. Also, I would prefer to use the Core Reporting API v3 if possible.
M
Martin Lojek

you can use very usefull php library GAPI (Google Analytics API PHP Interface) to access Google Analytics without OAuth. It's easy to use.

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.