1. 首頁
  2. 問答
  3. 使用Google+ for Domains API登錄圈子access_denied失敗

使用Google+ for Domains API登錄圈子access_denied失敗

2013-11-09 34 views
0

這讓我難過!我正在嘗試使用域名範圍委派列出我的網域中用戶的Google Plus圈子。這應該正是谷歌開發者API示例所做的。使用Google+ for Domains API登錄圈子access_denied失敗

我已經在Google的雲控制檯中設置了一個應用程序,啓用了Google+ for Domains API並創建了一個服務器證書。

然後,我在Google Apps管理控制檯中添加了範圍。

我的代碼:

package com.MYDOMAIN.plus; 

import java.io.IOException; 
import java.security.GeneralSecurityException; 
import java.util.Arrays; 
import java.util.List; 

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; 
import com.google.api.client.http.HttpTransport; 
import com.google.api.client.http.javanet.NetHttpTransport; 
import com.google.api.client.json.JsonFactory; 
import com.google.api.client.json.jackson.JacksonFactory; 
import com.google.api.services.plusDomains.PlusDomains; 
import com.google.api.services.plusDomains.model.Circle; 
import com.google.api.services.plusDomains.model.CircleFeed; 

public class PlusHelper { 

    // Fill in the following values based upon the previous steps 
    private static final String SERVICE_ACCOUNT_EMAIL = "[email protected]ccount.com"; 
    private static final String SERVICE_ACCOUNT_PKCS12_FILE_PATH = 
     "/Users/kees/Documents/workspace/MYDOMAINPlus/2a282bbacf8895b821e7cf662a98de4d65e38b2a-privatekey.p12"; 
    private static final String USER_EMAIL = "[email protected]"; 

    // List the scopes your app requires. These must match the scopes 
    // registered in the Admin console for your Google Apps domain. 
    private static final List<String> SCOPE = Arrays.asList(
       "https://www.googleapis.com/auth/plus.circles.read"); 

    private static PlusDomains authenticate(final String userEmail) throws GeneralSecurityException, IOException { 
     System.out.println(String.format("Authenticate the domain for %s", userEmail)); 

     HttpTransport httpTransport = new NetHttpTransport(); 
     JsonFactory jsonFactory = new JacksonFactory(); 

     // Setting the sub field with USER_EMAIL allows you to make API calls using the special keyword 
     // "me" in place of a user id for that user. 
     GoogleCredential credential = new GoogleCredential.Builder() 
      .setTransport(httpTransport) 
      .setJsonFactory(jsonFactory) 
      .setServiceAccountId(SERVICE_ACCOUNT_EMAIL) 
      .setServiceAccountScopes(SCOPE) 
      .setServiceAccountUser(USER_EMAIL) 
      .setServiceAccountPrivateKeyFromP12File(
       new java.io.File(SERVICE_ACCOUNT_PKCS12_FILE_PATH)) 
      .build(); 

     // Create and return the authorized API client 
     PlusDomains service = new PlusDomains.Builder(httpTransport, jsonFactory, credential).setApplicationName("PlusSync").build(); 
     return service; 
    } 

    public static void main(String[] args) { 
      /** Global Drive API client. */ 
      PlusDomains plusDomains; 
      try { 
       plusDomains = PlusHelper.authenticate(USER_EMAIL); 
       PlusDomains.Circles.List listCircles = plusDomains.circles().list(USER_EMAIL); 
       listCircles.setMaxResults(5L); 
       CircleFeed circleFeed = listCircles.execute(); 
       List<Circle> circles = circleFeed.getItems(); 

       // Loop until no additional pages of results are available. 
       while (circles != null) { 
        for (Circle circle : circles) { 
        System.out.println(circle.getDisplayName()); 
        } 

        // When the next page token is null, there are no additional pages of 
        // results. If this is the case, break. 
        if (circleFeed.getNextPageToken() != null) { 
        // Prepare the next page of results 
        listCircles.setPageToken(circleFeed.getNextPageToken()); 

        // Execute and process the next page request 
        circleFeed = listCircles.execute(); 
        circles = circleFeed.getItems(); 
        } else { 
        circles = null; 
        } 
       } 
      } catch (GeneralSecurityException e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } catch (IOException e) { 
       // TODO Auto-generated catch block 
       e.printStackTrace(); 
      } 



    } 
}

這導致了這個錯誤:

com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request 
{ 
    "error" : "access_denied" 
} 
    at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105) 
    at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:332) 
    at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:352) 
    at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269) 
    at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:454) 
    at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:215) 
    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:854) 
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410) 
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343) 
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460) 
    at com.MYDOMAIN.plus.PlusHelper.main(PlusHelper.java:60)

沒有人有任何想法?這是在殺我,因爲我之前在另一個域上工作過!

順便說一句,「MYDOMAIN」貫穿我的代碼和堆棧跟蹤顯然是實際域的替代。

來源

2013-11-09 user1703618

回答

1

在太多的擺弄之後找到答案。看起來,在新的雲控制檯中,證書的客戶端ID與OAuth框中的客戶端ID不同。我做了什麼來解決這個問題:下載證書的JSON。該json包含一個client_id值,與雲控制檯中的客戶端ID不同。在管理API面板中使用來自JSON的客戶端ID來授權範圍並且它將工作!

來源

2013-11-10 17:26:48 user1703618

相關問題

 相關問題