我想在Google Directory API中使用Server to Server OAuth 2.0来访问整个域的用户和组信息。对于使用SignedJwtAssertionCredentials的身份验证,我开始使用this year-old post中的代码。当我运行我的代码时,我收到以下错误:googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/admin/directory/v1/users?customer=C...3&orderBy=email&alt=json&maxResults=10 returned "Not Authorized to access this resource/api">
我使用的Python代码:
import httplib2
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
# Get the private key from the Google supplied private key file.
f = file("private-key.pem", "rb")
key = f.read()
f.close()
# Create the JWT
credentials = SignedJwtAssertionCredentials(
"23...fk@developer.gserviceaccount.com", key,
scope="https://www.googleapis.com/auth/admin.directory.user"
)
# Create an authorized http instance
http = httplib2.Http()
http = credentials.authorize(http)
# Create a service call to the directory API
service = build('admin', 'directory_v1', http=http)
# Show the first 10 users
print 'Getting the first 10 users in the domain'
results = service.users().list(customer='C...3', maxResults=10, orderBy='email',
viewType='admin_view').execute()
users = results.get('users', [])
if not users:
print 'No users in the domain.'
else:
print 'Users:'
for user in users:
print '{0} ({1})'.format(user['primaryEmail'], user['name']['fullName'])
我在开发者控制台中创建了一个密钥,客户端ID和客户端电子邮件地址,并将以下客户端ID和范围添加到域下的#34;管理API客户端访问&#34;在管理控制台中。我启用了API访问 范围已启用:
https://www.googleapis.com/auth/admin.directory.user,
https://www.googleapis.com/auth/admin.directory.user.readonly,
https://www.googleapis.com/auth/admin.directory.group.member,
https://www.googleapis.com/auth/admin.directory.group.member.readonly
我成功地使用代码的下半部分将身份验证的用户读作已安装的应用程序而不是服务器到服务器,并且工作正常(相同的客户ID等)。这应该有用吗?有什么我想念的吗?我唯一能想到的是我用于测试的域名是Google Apps免费版。
的错误相同谢谢,
-rohan
答案 0 :(得分:1)
您需要模拟域中的超级管理员用户。尝试:
credentials = SignedJwtAssertionCredentials(
"23...fk@developer.gserviceaccount.com",
key,
scope="https://www.googleapis.com/auth/admin.directory.user",
sub="admin@domain.com")