文档
一、Cloud Commerce Procurement API
// Cloud Commerce Procurement API(账号批准使用)
https://docs.cloud.google.com/marketplace/docs/partners/commerce-procurement-api/reference/rest/v1/providers.accounts/approve
代码示例:
// 构建账号名称
String accountName = "providers/{providerId}/accounts/{accountId}";
// 创建批准请求
ApproveAccountRequest approveRequest = new ApproveAccountRequest();
approveRequest.setApprovalName("signup");
// 发送批准请求
log.info("发送账号批准请求: {}", accountName);
procurementClient.providers().accounts()
.approve(accountName, approveRequest)
.execute();二、Oauth 2.0
// Oauth 源码仓库
https://github.com/googleapis/google-auth-library-java
// Oauth 源码仓库(Zread解析版)
https://zread.ai/googleapis/google-auth-library-java/blob/main/credentials/java/com/google/auth/Credentials.java
// Oauth 文档
https://developers.google.com/identity/protocols/oauth2/web-server?hl=zh-cn#handlingresponse
代码示例:
private static final String CLOUD_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
// 初始化HTTP传输和JSON工厂
// 使用内嵌的服务账号密钥JSON进行身份验证
InputStream credentialStream = new ByteArrayInputStream({ServiceAccountKeyJson()});
// 配置OAuth2认证
credential = GoogleCredentials
.fromStream(credentialStream)
.createScoped(Collections.singletonList(CLOUD_SCOPE));
HttpRequestInitializer reqInit = new HttpCredentialsAdapter(credential);
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory jsonFactory = GsonFactory.getDefaultInstance();
procurementClient = new CloudCommercePartnerProcurementService.Builder(
httpTransport, jsonFactory, reqInit)
.setApplicationName(marketplaceConfig.getProjectId())
.build();
credentialStream.close();
三、技术集成文档
// 前端技术集成
https://docs.cloud.google.com/marketplace/docs/partners/integrated-saas/frontend-integration?hl=zh-cn#add_your_sign_up_url
// 后端技术集成
https://docs.cloud.google.com/marketplace/docs/partners/integrated-saas/backend-integration?hl=zh-cn
排错记录
整体流程概览
- 用户在 Google Cloud Marketplace 上架的产品详情页点击“登录”或“Register with YOUR_COMPANY_NAME”
- 平台携带 JwtToken 调用后端入口,后端要么重定向到前端登录页(登录流程),要么执行“注册并关联 + 采购账号批准”(注册流程)
- 注册完成后,后端用用户在系统中的标识去调用 Google Partner Procurement API 执行账户批准,完成权益开通
一、 Token获取
Google所携带的token并非如文档所述存放在header里面,而是在body的x-www-form-urlencoded里面,字段名为x-gcp-marketplace-token
二、 Jwt校验字段不匹配
jwt校验可能报错iss和aud值不匹配,配置里的需要与jwt解析出来的这两个值保持一致
Jwt书据结构:
{
"sub": "xxxxxxx",
"aud": "域名",
"iss": "xxxxxxx",
"exp": 1766562589,
"iat": 1766562289,
"google": {
"user_identity": "xxxxxxx",
"roles": ["xxxxxx"]
}
}如果修改完后依旧同样报错,可改为手动校验
三、 凭证刷新失败
报错:
Error parsing token refresh response. Expected value access_token not found.
java.io.IOException: Error parsing token refresh response. Expected value access_token not found.
at com.google.auth.oauth2.OAuth2Utils.validateString(OAuth2Utils.java:135)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:549)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:269)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:266)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 原因:在进行相关api调用时,环境里的凭证失效
解决方法:进行相关api调用时手动刷新凭证
credential.refresh(); // 强制刷新
or
credential.refreshIfExpired(); // 过期则刷新四、 批准账号不存在
404 Not Found
POST https://cloudcommerceprocurement.googleapis.com/v1providers/{providerId}/accounts/{accountId}:approve
{
"code": 404,
"errors": [
{
"domain": "global",
"message": "Requested entity was not found.",
"reason": "notFound"
}
],
"message": "Requested entity was not found.",
"status": "NOT_FOUND"
}原因:accountId不存在
解决方法:
- 使用list api获取所有可访问的账户,然后再批准
- 通过pub/sub 订阅回调获取账户id进行批准(未验证)
评论0
暂时没有评论