使用Google Apps服务帐户启用邮件转发功能

时间:2015-04-13 15:50:27

标签: python google-api google-directory-api service-accounts google-email-settings-api

2015年4月20日,已停止使用多个Google Apps API,包括Provisioning API(gdata)。
在我的Python脚本中,我使用的是服务帐户和OAuth 2.0,而不是ClientLogin,以及替换API:Directory API。 但是,我无法找到使用新API启用邮件转发的方法,并且所有用于邮件转发的Google Python文档都说明了如何使用ClientLogin执行此操作,ClientLogin也将于4月20日停止使用。

相关信息:
我有一个服务帐户,并按照本指南正确授权:https://developers.google.com/api-client-library/python/auth/service-accounts
我的所有其他功能都在使用新的API! 我已经彻底搜索了Directory API文档(虽然我不排除我错过了什么):https://developers.google.com/resources/api-libraries/documentation/admin/directory_v1/python/latest/index.html
谷歌关于使用Python实现邮件转发的唯一文档(我发现)建议使用如上所述的ClientLogin:https://developers.google.com/admin-sdk/email-settings/#manage_forwarding_settings

我现有的邮件转发工作代码(基于该文档):

client = gdata.apps.emailsettings.client.EmailSettingsClient(domain='mydomain.co')
client.ClientLogin(email=adminEmail, password=adminPass, source='apps')
client.UpdateForwarding(username=username, enable=True, 
    forward_to=forwardTo, action='ARCHIVE')

我的更新代码基于Jay Lee的回答:

credentials = SignedJwtAssertionCredentials(serviceEmail, key, sub=adminEmail, 
    scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ '+'other scopes')
client = gdata.apps.emailsettings.client.EmailSettingsClient(domain='mydomain.co')
client.additional_headers = {'Authorization': 'Bearer %s' % credentials.access_token}
client.UpdateForwarding(username=username, enable=True, 
    forward_to=forwardTo, action='ARCHIVE')

我将新范围添加到我的服务帐户中:
管理控制台 - >安全性 - >高级设置 - >管理API客户端访问(在身份验证下)
*注意:如果您使用的是其他范围,则需要键入所有范围,因为它会替换以前的设置。

更新:
我以为我有它工作,但我可能有一条注释掉或忽略。当我在当天晚些时候尝试我的代码时,所有行都正确执行,它仍然给我一个gdata.client.Unauthorized错误。我已经尝试重新启动我的服务器,因此将再次创建凭据,但它没有帮助。当我尝试进行更新转发呼叫时发生错误 我确认access_token与我的Directory API调用的相同,而“client”实际上是一个emailSettingsClient对象。
我收到的完整错误是:

Unauthorized error message

基于以下内容的另一种尝试:
http://www.worldofchris.com/blog/2012/12/27/fun-with-oauth-gdata-google-apis-client-library-python/
https://groups.google.com/forum/m/#!msg/google-apps-developer-blog/1pGRCivuSUI/3EAIioKp0-wJ How do I authorize a gdata client without using the gdata oauth2 workflow? 

credentials = SignedJwtAssertionCredentials(serviceEmail, key, sub=adminEmail, 
    scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ '+'other scopes')
auth = gdata.gauth.OAuth2Token(serviceEmail, key, 
    scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
    access_token=credentials.access_token,
    refresh_token=credentials.refresh_token,
    user_agent='emailsettings/2.0')#I do not really understand this param
client = gdata.apps.emailsettings.client.EmailSettingsClient(domain='mydomain.co')
#Also tried with (domain='mydomain.co', auth_token = credentials.access_token)
client.additional_headers = {'Authorization': 'Bearer %s' % credentials.access_token}
auth.authorize(client)
client.UpdateForwarding(username=username, enable=True, 
    forward_to=forwardTo, action='ARCHIVE')

2 个答案:

答案 0 :(得分:3)

这应该是直接使用凭证对象的正确方法:

import gdata.gauth

credentials = SignedJwtAssertionCredentials(serviceEmail,
                                            key, 
                                            sub=adminEmail,
                                            scope=scopes)
client = gdata.apps.emailsettings.client.EmailSettingsClient(domain='mydomain.co')
client.auth_token = gdata.gauth.OAuth2TokenFromCredentials(credentials)
client.UpdateForwarding(username=username, enable=True, 
forward_to=forwardTo, action='ARCHIVE')

答案 1 :(得分:0)

为了让我的代码能够工作,我需要更改为上次更新时需要做的一些事情:我需要使用user_agent=credentials.user_agent,删除client.additional_headers,然后使用来自的client_id和client_secret凭证而不是自己传递凭证(不确定这是否是变量类型问题) 最终工作代码:

credentials = SignedJwtAssertionCredentials(serviceEmail, key, sub=adminEmail, 
    scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ '+'other scopes')
auth = gdata.gauth.OAuth2Token(
    credentials.client_id,#serviceEmail
    credentials.client_secret,#private key 
    scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
    access_token=credentials.access_token,
    refresh_token=credentials.refresh_token,
    user_agent=credentials.user_agent)
client = gdata.apps.emailsettings.client.EmailSettingsClient(domain='mydomain.co')
auth.authorize(client)
client.UpdateForwarding(username=username, enable=True, 
    forward_to=forwardTo, action='ARCHIVE')
相关问题
最新问题