我正在尝试将Google API PHP Client与Google Directory API一起使用。我进入了Google Developers Console并创建了一个名为google-sync的项目。然后,我在API列表页面中启用了Admin SDK。然后,我从“凭据”页面选择“创建新客户端ID”,然后选择Service Account,然后下载提示我下载的.bin私钥。然后我还点击了“生成新的P12密钥”并下载了.p12文件,该文件与PHP文件放在同一目录中。
这是我试图列出所有用户的PHP代码(跟this part of the docs之后)。
<?php
session_start();
require 'vendor/autoload.php';
$SCOPE = 'https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit';
$SERVICE_ACCOUNT_EMAIL = '<EMAIL ADDRESS>';
$SERVICE_ACCOUNT_PKCS12_FILE_PATH = '<P12 FILE NAME>.p12';
$client = new Google_Client();
$client->setApplicationName('google-sync');
$adminService = new Google_Service_Directory($client);
$key = file_get_contents($SERVICE_ACCOUNT_PKCS12_FILE_PATH);
$cred = new Google_Auth_AssertionCredentials(
$SERVICE_ACCOUNT_EMAIL,
array($SCOPE),
$key);
$client->setAssertionCredentials($cred);
$allUsers = $adminService->users->listUsers();
当我运行此代码时,我收到此错误:
PHP Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:80
Stack trace:
#0 /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php(44): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request))
#1 /projects/google-sync/vendor/google/apiclient/src/Google/Client.php(499): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request))
#2 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php(195): Google_Client->execute(Object(Google_Http_Request))
#3 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php(2063): Google_Service_Resource->call('list', Array, 'Google_Service_...')
#4 /projects/google-sync/auth-test.php(20): Google_Service_Directory_Users_Resource->listUsers()
#5 {main}
thrown in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80
Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80
Google_Service_Exception: Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80
Call Stack:
0.0001 232296 1. {main}() auth-test.php:0
0.0172 2957992 2. Google_Service_Directory_Users_Resource->listUsers() /projects/google-sync/auth-test.php:20
0.0172 2959144 3. Google_Service_Resource->call() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php:2063
0.3356 2970752 4. Google_Client->execute() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php:195
0.3356 2971568 5. Google_Http_REST::execute() /projects/google-sync/vendor/google/apiclient/src/Google/Client.php:499
0.7015 2974424 6. Google_Http_REST::decodeHttpResponse() /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:44
当我下载p12文件时,我获得了与私钥相关联的密码,但我无法找到有关如何包含该密码的任何文档。这是我的问题吗?
答案 0 :(得分:1)
我遇到了同样的问题。服务帐户应在发出请求时模拟域管理员。此外,listUsers()希望将域作为参数传递。
确保您已将域范围的权限委派给服务帐户 - https://developers.google.com/api-client-library/php/auth/service-accounts
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array($SCOPE),
$key
);
$cred->sub = "admin@domain.com";
//Get All users.
$list = $service->users->listUsers(Array('domain' => 'domain.com'));
//Get one user
$userId = $service->users->get('someuser@domain.com');
答案 1 :(得分:0)
我可以通过进入我的域管理控制台,转到安全性下的管理API客户端访问页面,并从开发者控制台添加客户端ID并添加目录所需的范围来解决此问题。 API。
有关详细信息,请参阅this part of the docs。