我正在尝试访问google admin-directory API,以管理员身份创建,删除或删除用户。
我正在尝试开发一个允许更新或删除用户的应用程序。
我试图走两条路。
首先,我使用了显示的代码:Google Admin Directory API is returning 400 bad request
但是调整代码如下:
HttpTransport httpTransport = new NetHttpTransport(); JacksonFactory jsonFactory = new JacksonFactory();
GoogleCredential credential;
SCOPES.add("https://www.googleapis.com/auth/admin.directory.user");
GoogleCredential credential;
try {
credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(
"XXXXXXXXXX@developer.gserviceaccount.com")
.setServiceAccountUser("XXX@subdomain.domain.com")//(The administrator account)
.setServiceAccountScopes(SCOPES)
.setServiceAccountPrivateKeyFromP12File(
new File("WEB-INF/KeY.p12")).build();
credential.setAccessToken(oauthToken);
resp.getWriter().println(credential.getServiceAccountId());
Directory directory = new Directory.Builder(httpTransport, jsonFactory, credential).setApplicationName("User Sync Service")
.setHttpRequestInitializer(credential).setApplicationName("Example APP").build();
resp.getWriter().println();
Directory.Users.List list = directory.users().list();
list.setDomain("subdomain.domain.com");
Users users = list.execute();
在这种情况下,问题是当Directory对象(Directory directory = new Directory.Builder(...))instanciate或执行时,这是错误:
Uncaught exception from servlet
com.google.api.client.auth.oauth2.TokenResponseException: 400 OK
{
"error" : "invalid_grant"
}
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:332)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:352)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:454)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:215)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:854)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
at com.ejemploprueba.Inbox.doGet(Inbox.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:266)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:146)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:439)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:435)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:442)
at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:186)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:306)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:298)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:439)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251)
at java.lang.Thread.run(Thread.java:722)
第二种方法是创建一个servlet,用SCOPE =“https://www.googleapis.com/auth/admin.directory.user”调用api, 在第二个servlet中获取acces_token和用户。
通过这种方式,我发现创建GoogleCredential并使用acces_token和用户连接到服务服务器的问题,然后在步骤1中显示对象“Directory”。
其中:
acces_token: ya29.AHES6ZREQdCcm7FqZGg3Do0jYxN-XXXXXXXXXXX-YYYYYYYYYYYYYy
and
User: user@subdomain.domain.com
我在Google Api控制台/服务
中启用了“管理SDK”选项如何修复第一种情况中发生的错误? 第二种方式的解决方案是什么? 什么是更好的解决方案,第一种方式还是第二种方式?
非常感谢您提前和问候。
答案 0 :(得分:0)
对于案例1,当您致电:
credential.setAccessToken(oauthToken);
您正在使用oauthToken的内容替换从Google授权服务器获取的访问令牌,该内容看起来不是该服务帐户的有效访问令牌。
答案 1 :(得分:0)
不确定这是否对您有所帮助,但我在C#中做过类似的事情。 最初有一些严肃的授权问题,但终于成功了。
检查此stackoverflow Trying to Create users in Google Apps domain in Windows Forms code