我正在尝试使用google admin api和列出邮件列表用户进行授权。我从api控制台下载了一个密钥并执行了:
require 'google/api_client'
client= Google::APIClient.new(application_name: "myapp", application_version: "0.1")
groups= client.discovered_api('admin', 'directory_v1')
key = Google::APIClient::PKCS12.load_key(Dir['*.p12'].first, 'notasecret')
client.authorization = Signet::OAuth2::Client.new(
token_credential_uri: 'https://accounts.google.com/o/oauth2/token',
audience: 'https://accounts.google.com/o/oauth2/token',
scope: 'https://www.googleapis.com/auth/admin.directory.group.readonly',
issuer: '123asdf@developer.gserviceaccount.com',
signing_key: key)
client.authorization.fetch_access_token!
puts client.execute(api_method: groups.users.list, parameters: {}).body
我尝试添加groupKey:“mygroup@googlegroups.com” 我尝试设置域名:“mysite.com” 它总是导致“权限不足”
我还需要做些什么来列出群组中的用户?
答案 0 :(得分:1)
尝试类似:
require 'google/api_client'
## Email of the Service Account #
SERVICE_ACCOUNT_EMAIL = '<some-id>@developer.gserviceaccount.com'
## Email account of the Admin User ##
ADMIN_EMAIL = 'your-google-admin@yourdomain.com'
## Path to the Service Account's Private Key file #
SERVICE_ACCOUNT_PKCS12_FILE_PATH = '/path/to/<public_key_fingerprint>-privatekey.p12'
##
# Build an Admin SDK client instance authorized with the service account
# that acts on behalf of the given user.
#
# @param [String] user_email
# The email of the user.
# @return [Google::APIClient]
# Client instance
def build_client(user_email)
key = Google::APIClient::PKCS12.load_key(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'notasecret')
asserter = Google::APIClient::JWTAsserter.new(SERVICE_ACCOUNT_EMAIL,
'https://www.googleapis.com/auth/admin.directory.group.readonly', key)
client = Google::APIClient.new
client.authorization = asserter.authorize(ADMIN_EMAIL)
client
end
这大致改编自Google Drive Domain-Wide authorization文件。将服务帐户与Admin SDK Directory API一起使用时,您仍需要模拟管理员用户。
答案 1 :(得分:1)
我遇到了同样的问题。我写了一个示例gist,解释了如何设置它:
https://gist.github.com/thomaswitt/7468182
步骤是: