401嘗試使用Google API創建orgunit時

Question

我試圖使用Google的Admin SDK使用shell腳本創建orgunit。我的腳本如下：

# Obtain a token we can use to modify the organisation 
auth_header=`oauth2l header --json "..." "admin.directory.orgunit"` 
customer_id=... 

curl -v -H "Content-Type: application/json" -X POST \ 
    --data-binary "@google-orgunits/technical.json" \ 
    --header "$auth_header" \ 
    "https://www.googleapis.com/admin/directory/v1/customer/$customer_id/orgunits" 

這將產生輸出：

* Trying 216.58.196.138... 
* Connected to www.googleapis.com (216.58.196.138) port 443 (#0) 
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt 
* found 704 certificates in /etc/ssl/certs 
* ALPN, offering http/1.1 
* SSL connection using TLS1.2/ECDHE_RSA_AES_128_GCM_SHA256 
* server certificate verification OK 
* server certificate status verification SKIPPED 
* common name: *.googleapis.com (matched) 
* server certificate expiration date OK 
* server certificate activation date OK 
* certificate public key: RSA 
* certificate version: #3 
* subject: C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.googleapis.com 
* start date: Wed, 05 Apr 2017 17:01:30 GMT 
* expire date: Wed, 28 Jun 2017 16:56:00 GMT 
* issuer: C=US,O=Google Inc,CN=Google Internet Authority G2 
* compression: NULL 
* ALPN, server accepted to use http/1.1 
> POST /admin/directory/v1/customer/.../orgunits HTTP/1.1 
> Host: www.googleapis.com 
> User-Agent: curl/7.47.0 
> Accept: */* 
> Content-Type: application/json 
> Authorization: Bearer ... 
> Content-Length: 157 
> 
* upload completely sent off: 157 out of 157 bytes 
< HTTP/1.1 401 Unauthorized 
< Vary: X-Origin 
< WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token 
< Content-Type: application/json; charset=UTF-8 
< Date: Sat, 15 Apr 2017 06:26:27 GMT 
< Expires: Sat, 15 Apr 2017 06:26:27 GMT 
< Cache-Control: private, max-age=0 
< X-Content-Type-Options: nosniff 
< X-Frame-Options: SAMEORIGIN 
< X-XSS-Protection: 1; mode=block 
< Server: GSE 
< Alt-Svc: quic=":443"; ma=2592000; v="37,36,35" 
< Accept-Ranges: none 
< Vary: Origin,Accept-Encoding 
< Transfer-Encoding: chunked 
< 
{ 
"error": { 
    "errors": [ 
    { 
    "domain": "global", 
    "reason": "required", 
    "message": "Login Required", 
    "locationType": "header", 
    "location": "Authorization" 
    } 
    ], 
    "code": 401, 
    "message": "Login Required" 
} 
} 

必須有這裏有一些問題：我似乎獲得有效令牌，（貌似ya29.ElouBGKFig-nXZ9uykyGoDr0hxAxG5PMJTUh3VmtAtj2SAdYEbH2Coumjp5XoaF232oVx3--2EpTyNi5NgFBNrLINJij9tGL3-64MshEXjHhvkH-1NESoxPeVAU）。我已遵循所有的指示here，啓用API訪問，授權我的API客戶端，一切;但仍然沒有工作。我哪裏錯了？

Answer 1

嘗試查看文檔中關於Directory API: Authorize Requests

每個請求您的應用程序發送到目錄API都必須包含授權令牌。令牌還可以識別您的應用程序到Google。

下面是目錄API的OAuth 2.0範圍信息：

• https://www.googleapis.com/auth/admin.directory.orgunit - 訪問所有的組織單元操作全局範圍。
• https://www.googleapis.com/auth/admin.directory.orgunit.readonly - 僅供檢索組織單位的範圍。

您可以檢查OAuth 2.0 Playground，這是一款使用OAuth 2.0與Google的交互式演示（包括使用您自己的客戶端憑證的選項）。還有很多快速入門可以幫助您如何正確授權Admin SDK的請求。

希望這會有所幫助。