1. 首頁
  2. 問答
  3. 與服務帳戶Googlephpapi管理用戶

與服務帳戶Googlephpapi管理用戶

2016-12-13 167 views
0

我已經按照這裏的方向https://developers.google.com/api-client-library/php/auth/service-accounts與服務帳戶Googlephpapi管理用戶

我添加的

https://www.googleapis.com/auth/admin.directory.group 
https://www.googleapis.com/auth/admin.directory.user 
https://www.googleapis.com/auth/admin.directory.customer 
https://www.googleapis.com/auth/admin.directory.domain

管理控制檯以下是內我的服務帳戶的客戶端ID的範圍代碼我試圖運行

putenv('GOOGLE_APPLICATION_CREDENTIALS=JSONFILELOCATION'); 
$client = new Google_Client(); 
$client->useApplicationDefaultCredentials(); 
$client->setApplicationName("Directory"); 
$client->setScopes(array(
    Google_Service_Directory::ADMIN_DIRECTORY_CUSTOMER, 
    Google_Service_Directory::ADMIN_DIRECTORY_USER 
)); 
$client->setSubject("[email protected]"); 
//$client->setSubject(SUPERADMINEMAILADDRESS); 

$service = new Google_Service_Directory($client); 
// Print the first 10 users in the domain. 
$optParams = array(
    'domain'=>'MYDOMAIN', 
    'maxResults' => 10, 
    'orderBy' => 'email', 
); 
$results = $service->users->listUsers($optParams);

結果我得到的是未經授權的客戶端

Fatal error: Uncaught exception 'Google_Service_Exception' with message '{ 
"error": "unauthorized_client", 
"error_description": "Unauthorized client or scope in request." 
} 
' in /var/web/composer/googlephpapi/vendor/google/apiclient/src/Google/Http/REST.php:118 
Stack trace: 
#0 /var/web/composer/googlephpapi/vendor/google/apiclient/src/Google/Http/REST.php(94): Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...') 
#1 [internal function]: Google_Http_REST::doExecute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...') 
#2 /var/web/composer/googlephpapi/vendor/google/apiclient/src/Google/Task/Runner.php(181): call_user_func_array(Array, Array) 
#3 /var/web/composer/googlephpapi/vendor/google/apiclient/src/Google/Http/REST.php(58): Google_Task_Runner->run() 
#4 /var/web/composer/googlephpapi/vendor/google/apiclient/src/Google/Client.php(781): Google_Http_REST::execute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), in /var/web/composer/googlephpapi/vendor/google/apiclient/src/Google/Http/REST.php on line 118

我正在嘗試使用服務帳戶的電子郵件地址。但我收到權限錯誤。如果我使用超級管理員電子郵件地址,我會得到結果。是否有我缺少能夠使用服務帳戶的設置?我認爲,通過域名範圍的授權,我可以使用服務帳戶在不使用真實用戶的情況下擁有完全訪問權限。

來源

2016-12-13 Henesnarfel

+0

作爲服務帳戶不是超級管理員的事實,這就是爲什麼你越來越未經授權的「客戶端」。您只能使用服務帳戶**冒充**用戶。因此,該主題應始終是帳戶的超級管理員。 – Morfinismo

回答

0

這是另一個嘗試的例子。

define('SCOPES', implode(' ', array(Google_Service_Directory::ADMIN_DIRECTORY_USER))); 

    putenv('GOOGLE_APPLICATION_CREDENTIALS=' . $path_to_json_creds_file); 

    $client = new Google_Client(); 
    $client->useApplicationDefaultCredentials(); // loads whats in that json service account file. 
    $client->setScopes(SCOPES); // adds the scopes 
    $client->setSubject($domainUserWithAdminRoles); // An org account with special roles defined. 

    $dir = new Google_Service_Directory($client); 

    // get the account. 
    $results = $dir->users->get($userKey); 

    print_r($results);

來源

2017-01-13 23:37:39

相關問題

 相關問題