Google Admin SDK会抛出错误的请求java客户端

时间:2013-10-01 15:13:12

标签: google-apps google-api-java-client google-api-client google-admin-sdk

我正在尝试使用java客户端使用admin SDK。我的要求是服务器端应用程序在未经最终用户明确同意的情况下管理用户。我已经按照以下步骤进行操作。

我创建的服务帐户是Google API控制台。 将服务帐户添加到Google Apps管理控制台的第三方oauth访问部分 添加了user,user.readonly的范围。 创建了一个超级管理员,用作服务帐户用户 我使用java客户端如下: 使用服务电子邮件进行身份验证的api资源管理器中的相同操作正在进行中

        HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
        JsonFactory JSON_FACTORY = new JacksonFactory();
        GoogleCredential credential=null;
        try {

             credential = new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
                    .setJsonFactory(JSON_FACTORY)
                    .setServiceAccountId("xxx@developer.gserviceaccount.com")
                    .setServiceAccountScopes(DirectoryScopes.all())
                    .setServiceAccountPrivateKeyFromP12File(new File("/Users/xxx/Downloads/file-privatekey.p12"))
                    .setServiceAccountUser("xx@subdomain.domain.com")    //Super admin account
                    .build();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }

        Directory directory = new Directory.Builder(HTTP_TRANSPORT,JSON_FACTORY,credential).setApplicationName("Sync Service").build();

        try {
            Directory.Users.List list = directory.users().list();
            list.setDomain("subdomain.domain.com");
            //list.setCustomer("xxx");
            Users users = list.execute();
        } catch (IOException e) {
            e.printStackTrace();
        }

我收到以下错误。不知道为什么!

com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "access_denied"
}
    at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
    at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
    at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
    at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
    at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
    at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:858)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
    at GappsClient.main(GappsClient.java:53)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)

Process finished with exit code 0

2 个答案:

答案 0 :(得分:1)

您是否已将服务帐户的客户ID添加到Cpanel中管理第三方OAuth访问?

答案 1 :(得分:0)

我跟随@Emily Lam回答并使用旧的Google API控制台形成了服务帐户,我能够获得预期的结果。如果有人需要我遵循的详细步骤,请告诉我。关注以下网址https://developers.google.com/console/help/#creatingdeletingprojects

中的OAuth 2.0客户端ID部分
相关问题
最新问题