大多数Google Management API似乎都已启用服务帐户。例如,我可以像这样检索日历:
string scope = Google.Apis.Calendar.v3.CalendarService.Scopes.Calendar.ToString().ToLower();
string scope_url = "https://www.googleapis.com/auth/" + scope;
string client_id = "999...@developer.gserviceaccount.com";
string key_file = @"\path\to\my-privatekey.p12";
string key_pass = "notasecret";
AuthorizationServerDescription desc = GoogleAuthenticationServer.Description;
X509Certificate2 key = new X509Certificate2(key_file, key_pass, X509KeyStorageFlags.Exportable);
AssertionFlowClient client = new AssertionFlowClient(desc, key) { ServiceAccountId = client_id, Scope = scope_url };
OAuth2Authenticator<AssertionFlowClient> auth = new OAuth2Authenticator<AssertionFlowClient>(client, AssertionFlowClient.GetState);
CalendarService service = new CalendarService(auth);
var x = service.Calendars.Get("calendarID@mydomain.com").Fetch();
但是,GroupssettingsService上的相同代码返回503 - 服务器不可用。这是否意味着服务帐户不能与该API一起使用?
在可能相关的问题中,群组设置服务的范围似乎为apps.groups.settings,但如果您致电
GroupssettingsService.Scopes.AppsGroupsSettings.ToString().ToLower();
...相反,你得到的是appsgroupssettings,没有嵌入的句号。
是否有其他方法可以为GroupssettingsService使用服务帐户?或者有关正确范围字符串的任何信息?
非常感谢。
答案 0 :(得分:1)
为什么需要使用服务帐户呢?您可以使用常规OAuth 2.0授权流程从Google Apps超级管理员用户处获取授权令牌,并使用该权限:
https://developers.google.com/accounts/docs/OAuth2InstalledApp
答案 1 :(得分:0)
我找到了这个线程,一段时间后找到了文档中最重要的部分。发帖以免其他人在未来浪费时间。
Your application must use OAuth 2.0 to authorize requests. No other authorization protocols are supported. If your application uses Google Sign-In, some aspects of authorization are handled for you.