我尝试将某些内容集成到我们的网站中,以便在创建帐户时将新成员添加到我们的Google网上论坛邮件列表中。我使用Admin SDK的PHP API这样做,但没有运气
这是代码
include_once 'autoload.php';
$clientId = 'xxxxxxx.apps.googleusercontent.com';
$serviceAccountName = 'xxxxxx@developer.gserviceaccount.com';
$delegatedAdmin = 'admin@website.org';
$keyFile = 'key.p12';
$appName = 'App Name';
$scopes = array(
'https://www.googleapis.com/auth/admin.directory.group'
);
if (!($creds = new Google_Auth_AssertionCredentials(
$serviceAccountName,
$scopes,
file_get_contents($keyFile)
))) {
echo 'creds failed';
exit;
}
if (!($creds->sub = $delegatedAdmin)) {
echo 'sub failed';
exit;
}
if (!($client = new Google_Client())) {
echo 'obj creation failed failed';
exit;
}
if (!($client->setApplicationName($appName))) {
echo 'app name failed';
exit;
}
if (!($client->setClientId($clientId))) {
echo 'set id failed';
exit;
}
if (!($client->setAssertionCredentials($creds))) {
echo 'assertion failed';
exit;
}
if (!($dir = new Google_Service_Directory($client))) {
echo 'dir failed';
exit;
}
if (!($member = new Google_Service_Directory_Member(array(
'email' =>'validtestemail@test.test',
'kind' => 'admin#directory#member',
'role' => 'MEMBER',
'type' => 'USER')))) {
echo 'member failed';
exit;
}
if (!($list = $dir->members->insert('groupname@googlegroups.com', $member))) {
echo 'list failed';
exit;
}
echo 'good';
如果我运行它,代码将停止在设置的应用程序名称,或设置$ client的任何属性。如果我对这些部分发表评论,我会得到一个空白页面。
答案 0 :(得分:0)
从new Google_Service_Directory($client)开始,您的代码对我有用,因此我猜测问题在于您的凭据生成。
以下是我成功使用的一些代码:
// Create a new google client. We need this for all API access.
$client = new Google_Client();
$client->setApplicationName("Google Group Test");
$client_id = '...';
$service_account_name = '...';
$key_file_location = '...';
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
// https://www.googleapis.com/auth/admin.directory.group,
// https://www.googleapis.com/auth/admin.directory.group.readonly,
// https://www.googleapis.com/auth/admin.directory.group.member,
// https://www.googleapis.com/auth/admin.directory.group.member.readonly,
// https://www.googleapis.com/auth/apps.groups.settings,
// https://www.googleapis.com/auth/books
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array(
Google_Service_Groupssettings::APPS_GROUPS_SETTINGS,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_READONLY,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER_READONLY,
Google_Service_Books::BOOKS,
),
$key,
'notasecret'
);
//
// Very important step: the service account must also declare the
// identity (via email address) of a user with admin priviledges that
// it would like to masquerade as.
//
// See: http://stackoverflow.com/questions/22772725/trouble-making-authenticated-calls-to-google-api-via-oauth
//
$cred->sub = '...';
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
我的示例中有更多的范围,但我将它们全部留在了。确保在管理控制台中将所有相同的范围授予您的服务帐户。请参阅文档Using OAuth 2.0 for Server to Server Applications,尤其是"将域范围的权限委派给服务帐户"。您将要访问该页面:
https://admin.google.com/YOURDOMAIN/AdminHome?chromeless=1#OGX:ManageOauthClients
将YOURDOMAIN替换为您的Google Apps帐户的域名。