Question

我从Google开始使用App Engine的一些示例代码。

我的应用需要使用Google Admin SDK中的Directory API和Reports API。

我在API控制台中创建了一个项目，并在服务中启用了Admin SDK。

我已将范围（与以下代码中使用的范围相同）添加到我网域的Google cpanel中“高级工具”的“管理API客户端访问”部分。

对Directory API的调用有效。

之后，对Reports API的调用失败，并显示错误消息：

“HttpError：https：//www.googleapis.com/admin/reports/v1/activity/users/all/applications/admin ?alt = json返回”权限不足“＆gt;”

非常感谢您的帮助。

import webapp2
import os
from apiclient.discovery import build
from oauth2client.appengine import OAuth2Decorator
from oauth2client.appengine import OAuth2DecoratorFromClientSecrets
from apiclient import errors
import logging
import json

decorator = OAuth2DecoratorFromClientSecrets(
  os.path.join(os.path.dirname(__file__), 'client_secrets.json'),
  'https://www.googleapis.com/auth/admin.directory.user.readonly')

directoryauthdecorator = OAuth2Decorator(
    client_id='123.apps.googleusercontent.com',
    client_secret='456-abc',
    callback_path='/oauth2callback',
    scope='https://www.googleapis.com/auth/admin.directory.user.readonly '
          'https://www.googleapis.com/auth/admin.reports.audit.readonly '
          'https://www.googleapis.com/auth/admin.reports.usage.readonly'
)

class MainHandler(webapp2.RequestHandler):
    def get(self):
        self.response.write('Hello world!')

class OAuthHandler(webapp2.RequestHandler):
    @directoryauthdecorator.oauth_required
    def get(self):
        users = []

        # Get the authorized Http object created by the decorator.
        auth_http = directoryauthdecorator.http()

        # Get the directory service
        service = build("admin", "directory_v1", http=auth_http)

        result = []
        page_token = None
        while True:
            try:
                param = {}
                param['domain'] = 'mydomain.com'
                if page_token:
                    param['pageToken'] = page_token

                files = service.users().list(**param).execute()
                result.extend(files['users'])
                page_token = files.get('nextPageToken')
                if not page_token:
                    break
            except errors.HttpError, error:
                print 'An error occurred: %s' % error
                break


        users = []
        for user in result:
            logging.info(user['primaryEmail'])
            users.append(user['primaryEmail'])

        param = {}
        param['userKey'] = 'all'
        param['applicationName'] = 'admin'

        service = build('admin', 'reports_v1', http=auth_http)

        # this call fails with the 403 Insufficient Permissions error
        results = service.activities().list(**param).execute()
        logging.info(results)

app = webapp2.WSGIApplication([
    ('/', MainHandler),
    ('/users', OAuthHandler),
    (directoryauthdecorator.callback_path, directoryauthdecorator.callback_handler()),
], debug=True)

Answer 1

我阅读this帖子并清除了数据存储区中的凭据。

再次点击/ users url我收到了redirect_uri错误消息。

我回到API项目，修复了重定向URI，并下载了client_secrets.json文件。

现在两个调用都有效（一个到Directory API，另一个到Reports API）。

Google App Engine管理员SDK报告API返回403 Insufficient Permission错误

1 个答案: