I am trying to use a Google service account
to get the Google users from my domain.
But it throws an error:
Error:"access_denied", Description:"Requested client not authorized.", Uri:""
My code:
X509Certificate2 certificate = new X509Certificate2(key_path,
    "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
    new ServiceAccountCredential.Initializer("publickey.gserviceaccount.com")
    {
        Scopes = scopes,
        User = "admin@domain.com"
    }.FromCertificate(certificate));
var service = new DirectoryService(new BaseClientService.Initializer()
{
    HttpClientInitializer = credential,
    ApplicationName = "appname",
});
service.Users.List().Domain = "domain.com";
Users results = service.Users.List().Execute();
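Thanks in advance.
Answer 0: (score: 1)
The service account email address needs to have access to the domain. Take the email address and add it as a user, with just enough access for it to be able to read it.
Also, did you change this for posting?
"publickey.gserviceaccount.com"
A service account email looks more like this: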
539621478854-imkdv94bgujcom228h3ea33kmkoefhil@developer.gserviceaccount.com
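Answer 1: (score: 0)
You first need to grant your service account / API project access to your domain. The steps are detailed in the documentation here:
You need to specify the correct scope you require in step 6 of those instructions, https://www.googleapis.com/auth/admin.directory.user.readonly
to be able to access the user list.
In addition, to use the Directory API you also need to enable API access in your domain settings: https://developers.google.com/admin-sdk/directory/v1/guides/prerequisites#set_up_api
Answer 2: (score: 0)
I was finally able to get this working. Here is my code: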
var grpReq = service.Groups.List();
grpReq.Domain = "mydomain.com";
Groups groups = grpReq.Execute();
IList<Group> gps = groups.GroupsValue;
var memReq = service.Members.List(groups.GroupsValue[0].Id);
Members members = memReq.Execute();
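I'm still not sure why creating a var object and then calling Execute() makes this work, while the earlier code did not.
I still have a problem with the consent screen being shown to all users. I have the following code. I think the way I get the logged-in user's email is incorrect. Any ideas?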
string mymail = googleauth.GetUsersEmail(ExchangeCodeWithAccessAndRefreshToken().Access_Token);
string path = "d:\\c6b82065f26fbb0-privatekey.p12";
X509Certificate2 certificate = new X509Certificate2(
    path,
    "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
    new ServiceAccountCredential.Initializer("876131792-v824u6drpss@developer.gserviceaccount.com")
    {
        User = mymail,
        Scopes = new[] { PlusService.Scope.UserinfoEmail, PlusService.Scope.UserinfoProfile, PlusService.Scope.PlusMe }
    }.FromCertificate(certificate));
PlusService plus = new PlusService(new BaseClientService.Initializer()
{
    HttpClientInitializer = credential,
    ApplicationName = "myapp"
});
Person profile = plus.People.Get("me").Execute();
string email = profile.Emails[0].Value;