Google 推送通知 - 未经授权的 WebHook 回调通道
2022-09-01 22:53:08
我遇到了 Google 推送通知(用于驱动器)的问题。我使用服务帐户,该帐户非常适合除驱动器更改监视之外的所有其他驱动器操作。
下面是应用程序代码,它现在因“未经授权的 WebHook 回调通道”异常而失败。我还转储了在调用drive.changes.watch.execute时生成的请求和响应。
目标通知地址在API和auth Push控制面板中被列入白名单(我甚至在Javascript起源和引用中列出了它),现在我陷入了这个401未经授权的错误。
有人知道我在哪里犯错吗?感谢您的任何帮助。
PrivateKey serviceAccountPrivateKey = SecurityUtils.loadPrivateKeyFromKeyStore(SecurityUtils.getPkcs12KeyStore(), p12File, "notasecret", "privatekey", "notasecret");
JsonFactory jsonFactory = new JacksonFactory();
HttpTransport t = GoogleNetHttpTransport.newTrustedTransport();
GoogleCredential gc = new GoogleCredential.Builder()
.setTransport(t)
.setJsonFactory(jsonFactory)
.setServiceAccountScopes(Collections.singleton(DriveScopes.DRIVE))
.setServiceAccountPrivateKey(serviceAccountPrivateKey)
.setServiceAccountId(Config.SERVICE_ACCOUNT_ID)
.setServiceAccountUser(Config.SERVICE_ACCOUNT_USER)
.build();
drive = new Drive.Builder(t, jsonFactory, null).setHttpRequestInitializer(gc).setApplicationName(cfg.getStringParam(Config.GAE_APPLICATION_NAME)).build();
// THIS WORKS
Changes.List request = drive.changes().list();
ChangeList changes = request.execute();
// THIS DOES NOT WORK
Channel channel = new Channel();
channel.setId(UUID.randomUUID().toString());
channel.setType("web_hook");
channel.setAddress(Config.PUSH_NOTIFICATION_ADDRESS);
Channel c = drive.changes().watch(channel).execute();
-------------- REQUEST --------------
POST https://www.googleapis.com/drive/v2/changes/watch
Accept-Encoding: gzip
Authorization: Bearer XXX
User-Agent: XXX Google-HTTP-Java-Client/1.17.0-rc (gzip)
Content-Type: application/json; charset=UTF-8
Content-Length: 118
CONFIG: curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer XXX' -H 'User-Agent: XXX Google-HTTP-Java-Client/1.17.0-rc (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -d '@-' -- 'https://www.googleapis.com/drive/v2/changes/watch' << $$$
CONFIG: {"address":"XXX","id":"8078114c-fba0-44e7-a34c-cb391ea40061","type":"web_hook"}
-------------- RESPONSE --------------
401 OK
www-authenticate: Bearer realm="https://accounts.google.com/AuthSubRequest", error=invalid_token
-------------- REQUEST --------------
POST https://accounts.google.com/o/oauth2/token
-------------- RESPONSE --------------
200 OK
{
"access_token" : XXX,
"token_type" : "Bearer",
"expires_in" : 3600
}
-------------- REQUEST --------------
POST https://www.googleapis.com/drive/v2/changes/watch
-------------- RESPONSE --------------
401 OK
www-authenticate: Bearer realm="https://accounts.google.com/AuthSubRequest", error=invalid_token
...
...
...
-------------- RESPONSE --------------
200 OK
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
date: Wed, 28 May 2014 20:51:19 GMT
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: GSE
alternate-protocol: 443:quic
transfer-encoding: chunked
{
"access_token" : XXX,
"token_type" : "Bearer",
"expires_in" : 3600
}
{
"error": {
"errors": [
{
"domain": "global",
"reason": "push.webhookUrlUnauthorized",
"message": "Unauthorized WebHook callback channel: XXX"
}
],
"code": 401,
"message": "Unauthorized WebHook callback channel: XXX"
}
}