//create google instance
Google.Apis.IdentityToolkit.v3.IdentityToolkitService GetILClient(bool IsService, string AppName)
{
Google.Apis.IdentityToolkit.v3.IdentityToolkitService client = null;
if (IsService)
{
//get service client
string serviceAccountEmail = SettingsManager.SettingsController.SettingsInstance.ModulesParams
[Auth.Interfaces.Constants.C_SettingsModuleName]
[Auth.Interfaces.Constants.C_IL_Service_Email.Replace("{AppName}", AppName)].Value;
string p12FileLocation = SettingsManager.SettingsController.SettingsInstance.ModulesParams
[Auth.Interfaces.Constants.C_SettingsModuleName]
[Auth.Interfaces.Constants.C_IL_Service_p12File.Replace("{AppName}", AppName)].Value;
string oApiName = SettingsManager.SettingsController.SettingsInstance.ModulesParams
[Auth.Interfaces.Constants.C_SettingsModuleName]
[Auth.Interfaces.Constants.C_IL_ApiName.Replace("{AppName}", AppName)].Value;
var certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2
(p12FileLocation,
"notasecret",
System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable);
Google.Apis.Auth.OAuth2.ServiceAccountCredential credential = new Google.Apis.Auth.OAuth2.ServiceAccountCredential(
new Google.Apis.Auth.OAuth2.ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { "https://www.googleapis.com/auth/identitytoolkit" }
}.FromCertificate(certificate));
client =
new Google.Apis.IdentityToolkit.v3.IdentityToolkitService(new Google.Apis.Services.BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = oApiName,
});
}
else
{
//get web client
string oApiKey = SettingsManager.SettingsController.SettingsInstance.ModulesParams
[Auth.Interfaces.Constants.C_SettingsModuleName]
[Auth.Interfaces.Constants.C_IL_ApiKey.Replace("{AppName}", AppName)].Value;
string oApiName = SettingsManager.SettingsController.SettingsInstance.ModulesParams
[Auth.Interfaces.Constants.C_SettingsModuleName]
[Auth.Interfaces.Constants.C_IL_ApiName.Replace("{AppName}", AppName)].Value;
client =
new Google.Apis.IdentityToolkit.v3.IdentityToolkitService(new Google.Apis.Services.BaseClientService.Initializer()
{
ApiKey = oApiKey,
ApplicationName = oApiName,
});
}
return(client);
}
public ServiceAccountAuthenticator(string projectId, string serviceAccountEmail, string certificatePath, string secretKey)
{
if (string.IsNullOrWhiteSpace(serviceAccountEmail))
{
throw new ArgumentException(nameof(serviceAccountEmail));
}
if (string.IsNullOrWhiteSpace(certificatePath))
{
throw new ArgumentException(nameof(certificatePath));
}
if (string.IsNullOrWhiteSpace(secretKey))
{
throw new ArgumentException(nameof(secretKey));
}
if (string.IsNullOrWhiteSpace(projectId))
{
throw new ArgumentException(nameof(projectId));
}
// Service account email must be an email address. A lot of people use the client Id instead of email by accident,
// so this simple check should save them some time.
if (!serviceAccountEmail.Contains("@"))
{
throw new InvalidOperationException("The `serviceAccountEmail` parameter must be an email address. (Did you use a client Id by accident?)");
}
_projectId = projectId;
var fullpath = UriExtensions.GetAbsoluteUri(certificatePath);
var certificate = new X509Certificate2(fullpath, secretKey, X509KeyStorageFlags.Exportable);
var credential = new Google.Apis.Auth.OAuth2.ServiceAccountCredential(
new Google.Apis.Auth.OAuth2.ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[]
{
DatastoreService.Scope.Datastore,
DatastoreService.Scope.CloudPlatform,
StorageService.Scope.DevstorageReadWrite
}
}.FromCertificate(certificate));
_initializer = new BaseClientService.Initializer
{
HttpClientInitializer = credential,
ApplicationName = projectId
};
}
public ServiceAccountAuthenticator(string projectId, string serviceAccountEmail, string certificatePath, string secretKey)
{
if (string.IsNullOrWhiteSpace(serviceAccountEmail))
throw new ArgumentException(nameof(serviceAccountEmail));
if (string.IsNullOrWhiteSpace(certificatePath))
throw new ArgumentException(nameof(certificatePath));
if (string.IsNullOrWhiteSpace(secretKey))
throw new ArgumentException(nameof(secretKey));
if (string.IsNullOrWhiteSpace(projectId))
throw new ArgumentException(nameof(projectId));
// Service account email must be an email address. A lot of people use the client Id instead of email by accident,
// so this simple check should save them some time.
if (!serviceAccountEmail.Contains("@"))
throw new InvalidOperationException("The `serviceAccountEmail` parameter must be an email address. (Did you use a client Id by accident?)");
_projectId = projectId;
var fullpath = UriExtensions.GetAbsoluteUri(certificatePath);
var certificate = new X509Certificate2(fullpath, secretKey, X509KeyStorageFlags.Exportable);
var credential = new Google.Apis.Auth.OAuth2.ServiceAccountCredential(
new Google.Apis.Auth.OAuth2.ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[]
{
DatastoreService.Scope.Datastore,
DatastoreService.Scope.UserinfoEmail,
StorageService.Scope.DevstorageReadWrite
}
}.FromCertificate(certificate));
_initializer = new BaseClientService.Initializer
{
HttpClientInitializer = credential,
ApplicationName = projectId
};
}
