1. 首頁
  2. 問答
  3. 管理SDK,目錄API,用戶:列表 - 任何有關如何做到這一點的PHP示例?

管理SDK,目錄API,用戶:列表 - 任何有關如何做到這一點的PHP示例?

2013-12-09 20 views
0
  1. 谷歌Apps for Business的鏈接到Google Apps Engine帳戶,
  2. 雲端控制檯 - >註冊應用程序 - > {名} - > Web應用程序 - >的OAuth 2.0客戶端ID
  3. 雲端控制檯 - >管理API(開)
  4. 谷歌企業應用套件控制檯 - >安全 - > API訪問(選中)
  5. 「 - >」 - >第三方的OAuth - > API客戶端(客戶端ID {} .apps.googleusercontent.com)
  6. 「 - >」 - > 「 - > API Scopes(https://www.googleapis.com/auth/admin.directory.user

這裏是我到目前爲止,管理SDK,目錄API,用戶:列表 - 任何有關如何做到這一點的PHP示例?

require_once 'google/appengine/api/app_identity/AppIdentityService.php'; 
use \google\appengine\api\app_identity\AppIdentityService; 

function setAuthHeader() { 
    $access_token =AppIdentityService::getAccessToken("https://www.googleapis.com/auth/admin.directory.user"); 
    return [ sprintf("Authorization: OAuth %s", $access_token["access_token"]) ]; 
} 

$get_contacts_url = "https://www.googleapis.com/admin/directory/v1/users?customer=my_customer"; 
$headers = implode("\n\r", setAuthHeader()); 
$opts = 
    array("http" => 
    ["http" => ["header" => $headers ]] 
); 
$context = stream_context_create($opts); 
$response = file_get_contents($get_contacts_url, false, $context); 
print_r ($response);

的「的access_token」來過就好了,但$返回響應,

{ "error": { "errors": [ { "domain": "global", "reason": "required", "message": "Login Required", "locationType": "header", "location": "Authorization" } ], "code": 401, "message": "Login Required" } }

Users: List例如在頁面的底部,他們顯示「獲取」請求如下,

GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&key={YOUR_API_KEY}

什麼是{YOUR_API_KEY}?我試過每個雲控制檯和Google Apps API,但都沒有運氣。

我是這樣的完全錯誤的,我應該使用完全不同的方法嗎?我一直在爲此奮鬥了一個多星期,並會喜歡任何形式的迴應。謝謝

來源

2013-12-09 user33443

回答

0

簡而言之:您正在過度簡化OAuth2。

它不如通過發送密鑰作爲HTTP GET參數來獲取數據那麼簡單。

我確定您已閱讀this,但您需要了解OAuth2 web flow以及clientlibrary如何利用您的使用情況。 您應該要求this file才能使用Directory API。

來源

2013-12-10 14:53:34 AMS

+0

謝謝。我正在關注[本教程](https://developers.google.com/appengine/docs/php/appidentity/),並且有這樣的印象:如果我的App Engine帳戶已連接到我的Google Apps帳戶,則會以某種方式精簡整個過程。查看[OAuth](https://code.google。「警告:服務帳戶目前受以下Google開發人員服務支持:雲存儲,預測API,URL Shortener,OAuth 2.0授權服務器,BigQuery」。這是否意味着使用PHP,訪問用戶列表不起作用? – user33443

+0

也許Admin SDK包含在Google的「OAuth 2.0授權服務器」部分。我認爲在服務器上嘗試一些代碼是很麻煩的。使用[此示例](http://code.google.com/p/google-api-php-client/source/browse/trunk/examples/prediction/serviceAccount.php)與DirectoryService代替PredictionService。如果它不起作用,請在構建AssertionCredentials對象時嘗試添加sub = 參數。 – AMS

0

您使用最新的PHP庫還是已棄用的? 對於最新的BETA PHP庫,這是與驗證部分相關的代碼的一部分。

​​

來源

2014-06-08 16:20:12

2

我想做到這一點最簡單的方法就是使用PHP客戶端庫,https://github.com/google/google-api-php-client/,由谷歌提供,它處理的權威性的東西對你的好工作。如果您嘗試自己動手,那麼JWT的內容會變得非常棘手。我剛剛爲你做了一個例子,https://gist.github.com/fillup/9fbf5ff35b337b27762a。我使用自己的Google Apps帳戶對其進行了測試,並對其進行了驗證,如果您遇到問題,請告知我們。

編輯:添加代碼示例這裏輕鬆:

<?php 
/** 
* Easiest to use composer to install google-api-php-client and generate autoloader 
* If you dont want to use composer you can manually include any needed files 
*/ 
include_once 'vendor/autoload.php'; 

/** 
* Client ID from https://console.developers.google.com/ 
* Must be added in Google Apps Admin console under Security -> Advanced -> Manage API client  access 
* Requires scope https://www.googleapis.com/auth/admin.directory.user or 
* https://www.googleapis.com/auth/admin.directory.user.readonly 
*/ 
$clientId = 'somelongstring.apps.googleusercontent.com'; 

/** 
* Service Account Name or "Email Address" as reported on  https://console.developers.google.com/ 
*/ 
$serviceAccountName = '[email protected]'; 

/** 
* Email address for admin user that should be used to perform API actions 
* Needs to be created via Google Apps Admin interface and be added to an admin role 
* that has permissions for Admin APIs for Users 
*/ 
$delegatedAdmin = '[email protected]'; 

/** 
* This is the .p12 file the Google Developer Console gave you for your app 
*/ 
$keyFile = 'file.p12'; 

/** 
* Some name you want to use for your app to report to Google with calls, I assume 
* it is used in logging or something 
*/ 
$appName = 'Example App'; 

/** 
* Array of scopes you need for whatever actions you want to perform 
* See https://developers.google.com/admin-sdk/directory/v1/guides/authorizing 
*/ 
$scopes = array(
    'https://www.googleapis.com/auth/admin.directory.user' 
); 

/** 
* Create AssertionCredentails object for use with Google_Client 
*/ 
$creds = new Google_Auth_AssertionCredentials(
    $serviceAccountName, 
    $scopes, 
    file_get_contents($keyFile) 
); 
/** 
* This piece is critical, API requests must be used with sub account identifying the 
* delegated admin that these requests are to be processed as 
*/ 
$creds->sub = $delegatedAdmin; 

/** 
* Create Google_Client for making API calls with 
*/ 
$client = new Google_Client(); 
$client->setApplicationName($appName); 
$client->setClientId($clientId); 
$client->setAssertionCredentials($creds); 

/** 
* Get an instance of the Directory object for making Directory API related calls 
*/ 
$dir = new Google_Service_Directory($client); 

/** 
* Get specific user example 
*/ 
//$account = $dir->users->get('[email protected]'); 
//print_r($account); 

/** 
* Get list of users example 
* In my testing you must include a domain, even though docs say it is optional 
* I was getting an error 400 without it 
*/ 
$list = $dir->users->listUsers(array('domain' => 'domain.com', 'maxResults' => 100)); 
print_r($list);

來源

2014-10-23 16:03:26

相關問題

 相關問題