我正在尝试使用Directory API更新域中用户的Google密码。我已经按照Plus服务帐户的示例进行了操作,该帐户几乎相同(https://github.com/google/google-api-java-client-samples/blob/master/plus-serviceaccount-cmdline-sample/src/main/java/com/google/api/services/samples/plus/serviceaccount/cmdline/PlusServiceAccountSample.java)。
我正在尝试确定为什么我需要将超级管理员用户的电子邮件地址传递给setServiceAccountUser()以便在域上设置用户密码。是否存在允许我在不设置serviceAccountUser?
的情况下使用API的设置当我注释掉setServiceAccountUser()调用时,我收到以下消息:
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Not Authorized to access this resource/api",
"reason" : "forbidden"
} ],
"message" : "Not Authorized to access this resource/api"
以下是相关的代码(来自Plus示例):
// service account credential (uncomment setServiceAccountUser for domain-wide delegation)
GoogleCredential credential = new GoogleCredential.Builder().setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(Collections.singleton(PlusScopes.PLUS_ME))
.setServiceAccountPrivateKeyFromP12File(new File("key.p12"))
// .setServiceAccountUser("user@example.com")
.build();