NextJS Google Drive API 使用服务帐户获得的权限不足

问题描述 投票:0回答:0

我正在编写一个简单的 NextJS 应用程序来列出 Google 云端硬盘文件夹中的文件。

  • G Drive 文件夹归我的个人帐户所有,并与在 GCP 中创建的服务帐户共享
  • creds.json
    包含添加到服务帐户上的正确密钥

代码简单,在很多其他教程中看到过(12):

const credsDir = path.join(process.cwd(), '.');
const credsFile = fs.readFileSync(credsDir + '/creds.json', 'utf-8');
const credsJson = JSON.parse(credsFile);

const authClient = new google.auth.GoogleAuth({
  credsJson,
  scopes: "https://www.googleapis.com/auth/drive"
});

const drive = google.drive({ version: 'v3', auth: authClient });

const response = await drive.files.list()
// Also tried drive.files.list({ driveId: xxxxxxxxxxxxxxxxx })
// Also tried other operations besides listing files

收到的错误是:

error - GaxiosError: Insufficient Permission
    at Gaxios._request [...] {
  response: {
    config: {
      url: 'https://www.googleapis.com/drive/v3/files',
      method: 'GET',
      userAgentDirectives: [Array],
      paramsSerializer: [Function (anonymous)],
      headers: [Object],
      params: {},
      validateStatus: [Function (anonymous)],
      retry: true,
      responseType: 'json',
      retryConfig: [Object]
    },
    data: { error: [Object] },
    headers: {
      'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
      'cache-control': 'private',
      connection: 'close',
      'content-encoding': 'gzip',
      'content-type': 'application/json; charset=UTF-8',
      date: 'Fri, 07 Apr 2023 09:40:28 GMT',
      server: 'ESF',
      'transfer-encoding': 'chunked',
      'www-authenticate': 'Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.appdata https://www.googleapis.com/auth/drive.appfolder https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.resource https://www.googleapis.com/auth/drive.metadata https://www.googleapis.com/auth/drive.metadata.readonly https://www.googleapis.com/auth/drive.readonly.metadata https://www.googleapis.com/auth/drive.photos.readonly https://www.googleapis.com/auth/drive.readonly"',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'SAMEORIGIN',
      'x-xss-protection': '0'
    },
    status: 403,
    statusText: 'Forbidden',
    request: { responseURL: 'https://www.googleapis.com/drive/v3/files' }
  },
  config: {
    url: 'https://www.googleapis.com/drive/v3/files',
    method: 'GET',
    userAgentDirectives: [ [Object] ],
    paramsSerializer: [Function (anonymous)],
    headers: {
      'x-goog-api-client': 'gdcl/6.0.4 gl-node/17.9.0 auth/8.7.0',
      'Accept-Encoding': 'gzip',
      'User-Agent': 'google-api-nodejs-client/6.0.4 (gzip)',
      Authorization: '<some bearer token>',
      Accept: 'application/json'
    },
    params: {},
    validateStatus: [Function (anonymous)],
    retry: true,
    responseType: 'json',
    retryConfig: {
      currentRetryAttempt: 0,
      retry: 3,
      httpMethodsToRetry: [Array],
      noResponseRetries: 2,
      statusCodesToRetry: [Array]
    }
  },
  code: 403,
  errors: [
    {
      message: 'Insufficient Permission',
      domain: 'global',
      reason: 'insufficientPermissions'
    }
  ],
  page: '/api/gdrive-images'
}

围绕这个有一些解决方案,但是很老,似乎不符合我的特殊情况。

我可能会遗漏什么愚蠢的配置?

next.js google-drive-api service-accounts
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.