我们为Google Apps Marketplace创建了一个应用程序,我们想要添加一个新功能 - 获取所有域的用户定义架构。但我没有找到如何授予我们的应用程序许可权。我们是否必须再次获得所有客户的许可?或者也许创建一个新的Google Apps Marketplace应用程序并仅向需要它的客户征求许可? (并非所有客户都需要此功能)。
这是我的代码,它以两种方式失败:
class EmailSettingsClient:
headers = None
domain = None
def __init__(self, admin_email):
self.initCredentials(admin_email)
logging.debug("headers={}".format(self.headers))
def initCredentials(self, admin_email):
http = httplib2.Http()
credentials = SignedJwtAssertionCredentials(
SERVICE_EMAIL,
PRIVATE_KEY,
scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/admin.directory.userschema.readonly',
sub=str(admin_email) # it doesn't work with this line.
)
http = credentials.authorize(http)
service = build(serviceName='admin', version='directory_v1', http=http)
creds = credentials.to_json()
access_token = credentials.token_response['access_token']
self.headers = {
'Content-type': 'application/atom+xml',
'Authorization': 'Bearer '+access_token
}
def get_all_domain_custom_schemas(self, feed_uri):
customer_id = "..." # domain customerId
logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
reply = requests.get(request_url, headers=self.headers)
# data = json.loads(reply.content)
logging.info(reply.content)
customer_id = "my_customer"
logging.debug("EmailSettingsClient::get_all_domain_custom_schemas, feed_uri = {}, customerId = {} .".format(feed_uri, customer_id))
request_url = 'https://www.googleapis.com/admin/directory/v1/customer/{}/schemas'.format(customer_id)
reply = requests.get(request_url, headers=self.headers)
# data = json.loads(reply.content)
logging.info(reply.content)
class GetAllDomainCustomSchemasHandler(RequestHandler):
def post(self):
return self.get()
def get(self):
domain_str = self.request.get('domain')
domain = Domain.get_by_key_name(domain_str)
feed_uri = self.request.get('feed_uri', "")
email_settings_client = EmailSettingsClient(domain.admin)
email_settings_client.get_all_domain_custom_schemas(feed_uri)
return
一个,如果我们使用来自具有域管理员电子邮件地址的其他用户的“sub”参数,则会引发异常。并且两个,如果我不包含“sub”参数并从域管理员帐户运行应用程序,则会返回错误消息:当我尝试使用域customerId时,我收到此错误消息:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
当我尝试使用“my_customer”时,我收到了以下错误消息:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Service unavailable. Please try again"
}
],
"code": 503,
"message": "Service unavailable. Please try again"
}
}
我确定我错过了什么,但我没有找到如何让它发挥作用。有什么建议吗?
答案 0 :(得分:1)
最终,我发现我们可以在Google / Google Apps Marketplace SDK /配置下的Google Developers Console中添加此权限。我添加了https://www.googleapis.com/auth/admin.directory.userschema.readonly,每个域管理员都必须批准新的权限。如果您有更多信息,可以编辑此答案或发布新答案。