就 Web 开发而言,我是个新手,对于 Google App Scripts 和 OAuth2.0 更是如此。话虽如此,我进行了足够的研究并尝试了几种技巧,但仍无法解决这个问题。
我从这里借鉴了样本:
Google Developers - Client API Library
然后,我创建了一个包含来自该页面代码的 index.html 文件的 Apps Script 项目。我还在开发者控制台上创建了一个项目,创建了客户端 ID、API 密钥,并打开了所需的 API 支持。我还对示例进行了必要的更改,以反映新的客户端 ID 和 API 密钥。
index.html 页面由 HTML 服务提供,SandBox Mode
被设置为 IFRAME。如果我在浏览器窗口中加载 URL(比如使用隐身模式),并点击 “授权” 按钮,它会打开 Google 登录窗口。但是,在登录后,它会弹出两个新标签页,显示如下信息:
Please close this window
而原始浏览器窗口则没有任何变化。
JavaScript 控制台显示以下错误信息:
Unsafe JavaScript attempt to initiate navigation for frame with URL '' from frame with URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2F…6lxdpyio6iqy-script.googleusercontent.com#rpctoken=288384029&forcesecure=1
. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.
从这些信息来看,似乎是使用 IFRAME 的影响,并且某种安全功能正在防止回调被传递到原始窗口。如果我重新加载原始窗口,事情就可以正常运行。但这不是我理想的解决方案。
我该如何解决这个问题?这是一个非常简单的项目,如果需要,我可以提供源代码。
谢谢, Pavan
编辑:以下是我正在尝试的示例代码。为使其正常工作,您需要拥有客户端 ID 和 API 密钥,并在 Google 控制台中设置 JS 来源:
Code.gs
function doGet(e) {
return HtmlService.createHtmlOutputFromFile('index').setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
index.html
<!--
Copyright (c) 2011 Google Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of
the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under
the License.
To run this sample, replace YOUR API KEY with your application's API key.
It can be found at https://code.google.com/apis/console/?api=plus under API Access.
Activate the Google+ service at https://code.google.com/apis/console/ under Services
-->
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8' />
</head>
<body>
<!--Add a button for the user to click to initiate auth sequence -->
<button id="authorize-button" style="visibility: hidden">Authorize</button>
<script type="text/javascript">
// Enter a client ID for a web application from the Google Developer Console.
// The provided clientId will only work if the sample is run directly from
// https://google-api-javascript-client.googlecode.com/hg/samples/authSample.html
// In your Developer Console project, add a JavaScript origin that corresponds to the domain
// where you will be running the script.
var clientId = 'YOUR_CLIENT_ID';
// Enter the API key from the Google Develoepr Console - to handle any unauthenticated
// requests in the code.
// The provided key works for this sample only when run from
// https://google-api-javascript-client.googlecode.com/hg/samples/authSample.html
// To use in your own application, replace this API key with your own.
var apiKey = 'YOUR API KEY';
// To enter one or more authentication scopes, refer to the documentation for the API.
var scopes = 'https://www.googleapis.com/auth/plus.me';
// Use a button to handle authentication the first time.
function handleClientLoad() {
gapi.client.setApiKey(apiKey);
window.setTimeout(checkAuth,1);
}
function checkAuth() {
gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: true, response_type: 'token'}, handleAuthResult);
}
function handleAuthResult(authResult) {
var authorizeButton = document.getElementById('authorize-button');
if (authResult && !authResult.error) {
authorizeButton.style.visibility = 'hidden';
makeApiCall();
} else {
authorizeButton.style.visibility = '';
authorizeButton.onclick = handleAuthClick;
}
}
function handleAuthClick(event) {
gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: false, response_type: 'token'}, handleAuthResult);
return false;
}
// Load the API and make an API call. Display the results on the screen.
function makeApiCall() {
gapi.client.load('plus', 'v1', function() {
var request = gapi.client.plus.people.get({
'userId': 'me'
});
request.execute(function(resp) {
var heading = document.createElement('h4');
var image = document.createElement('img');
image.src = resp.image.url;
heading.appendChild(image);
heading.appendChild(document.createTextNode(resp.displayName));
heading.appendChild(document.createTextNode(resp.emails[0].value));
document.getElementById('content').appendChild(heading);
});
});
}
</script>
<script src="https://apis.google.com/js/client.js?onload=handleClientLoad"></script>
<div id="content"></div>
<p>Retrieves your profile name using the Google Plus API.</p>
</body>
</html>