(400)使用带有Admin SDK的Google API PHP客户端的错误请求

时间:2014-08-27 17:58:58

标签: php oauth-2.0 google-api google-api-php-client

我正在尝试将Google API PHP Client与Google Directory API一起使用。我进入了Google Developers Console并创建了一个名为google-sync的项目。然后,我在API列表页面中启用了Admin SDK。然后,我从“凭据”页面选择“创建新客户端ID”,然后选择Service Account,然后下载提示我下载的.bin私钥。然后我还点击了“生成新的P12密钥”并下载了.p12文件,该文件与PHP文件放在同一目录中。

这是我试图列出所有用户的PHP代码(跟this part of the docs之后)。

<?php
session_start();
require 'vendor/autoload.php';
$SCOPE = 'https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit';

$SERVICE_ACCOUNT_EMAIL = '<EMAIL ADDRESS>';
$SERVICE_ACCOUNT_PKCS12_FILE_PATH = '<P12 FILE NAME>.p12';

$client = new Google_Client();
$client->setApplicationName('google-sync');
$adminService = new Google_Service_Directory($client);
$key = file_get_contents($SERVICE_ACCOUNT_PKCS12_FILE_PATH);
$cred = new Google_Auth_AssertionCredentials(
    $SERVICE_ACCOUNT_EMAIL,
    array($SCOPE),
    $key);
$client->setAssertionCredentials($cred);

$allUsers = $adminService->users->listUsers();

当我运行此代码时,我收到此错误:

PHP Fatal error:  Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:80
Stack trace:

#0 /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php(44): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request))
#1 /projects/google-sync/vendor/google/apiclient/src/Google/Client.php(499): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request))
#2 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php(195): Google_Client->execute(Object(Google_Http_Request))
#3 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php(2063): Google_Service_Resource->call('list', Array, 'Google_Service_...')
#4 /projects/google-sync/auth-test.php(20): Google_Service_Directory_Users_Resource->listUsers()
#5 {main}
  thrown in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80

Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80

Google_Service_Exception: Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80

Call Stack:
    0.0001     232296   1. {main}() auth-test.php:0
    0.0172    2957992   2. Google_Service_Directory_Users_Resource->listUsers() /projects/google-sync/auth-test.php:20
    0.0172    2959144   3. Google_Service_Resource->call() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php:2063
    0.3356    2970752   4. Google_Client->execute() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php:195
    0.3356    2971568   5. Google_Http_REST::execute() /projects/google-sync/vendor/google/apiclient/src/Google/Client.php:499
    0.7015    2974424   6. Google_Http_REST::decodeHttpResponse() /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:44

当我下载p12文件时,我获得了与私钥相关联的密码,但我无法找到有关如何包含该密码的任何文档。这是我的问题吗?

2 个答案:

答案 0 :(得分:1)

我遇到了同样的问题。服务帐户应在发出请求时模拟域管理员。此外,listUsers()希望将域作为参数传递。

确保您已将域范围的权限委派给服务帐户 - https://developers.google.com/api-client-library/php/auth/service-accounts

$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,
    array($SCOPE),
    $key
);
$cred->sub = "admin@domain.com";
//Get All users.
$list  = $service->users->listUsers(Array('domain' => 'domain.com'));
//Get one user
$userId = $service->users->get('someuser@domain.com');

答案 1 :(得分:0)

我可以通过进入我的域管理控制台,转到安全性下的管理API客户端访问页面,并从开发者控制台添加客户端ID并添加目录所需的范围来解决此问题。 API。

有关详细信息,请参阅this part of the docs