PHP管理员403错误

时间:2015-09-29 17:05:03

标签: google-admin-sdk

我一直在寻找并尝试许多不同的解决方案来解决这个错误,我不仅发现了这个网站,还发现了其他网站。

目前,我正在尝试根据设置的参数获取用户列表或特定用户详细信息。从长远来看,我想创建和修改用户和组。

我有图片,但我很想发布到这个网站,我无法在这里发布它们。我可以确认以下内容:

  • 我为域
  • 启用了API
  • api_studentportal(at)domain.com是超级管理员
  • 在开发者控制台
  • 下启用了Admin SDK
  • 在“管理API客户端访问权限”下,我已将“474470900273-asrfjsg0m0ucsfadeit456sg518l1bqa.apps.googleusercontent.com”添加到“admin.directory.group”和“admin.directory.user”

我的代码:

date_default_timezone_set('America/Los_Angeles');
session_start();
set_include_path(get_include_path() . PATH_SEPARATOR . 'google/composer/src');
require 'composer/vendor/autoload.php';
$keychain = json_decode(file_get_contents('Google.json'), true);

$service_account_name = $keychain['client_email']; //474470900273-asrfjsg0m0ucsfadeit456sg518l1bqa@developer.gserviceaccount.com
$private_key = $keychain['private_key'];


$client = new Google_Client(); 
$client->setApplicationName("SAMPLE"); 
$service = new Google_Service_Directory($client); 

if (isset($_SESSION['service_token'])) { 
  $client->setAccessToken($_SESSION['service_token']); 
} 

$cred = new Google_Auth_AssertionCredentials( 
    $service_account_name, 
    array('https://www.googleapis.com/auth/admin.directory.user', 'https://www.googleapis.com/auth/admin.directory.group'), 
    $private_key, 
    'notasecret', 
    'http://oauth.net/grant_type/jwt/1.0/bearer', 
    'api_studentportal@domain.com' 
); 
$client->setAssertionCredentials($cred); 



if($client->getAuth()->isAccessTokenExpired()) { 
  $client->getAuth()->refreshTokenWithAssertion($cred); 
} 
$_SESSION['service_token'] = $client->getAccessToken(); 







$service = new Google_Service_Directory($client);

// Print the first 10 users in the domain.
$optParams = array(
  'domain' => 'domain.com',
  'maxResults' => 10,
  'orderBy' => 'familyName',
  'viewType' => 'domain_public',
);
$results = $service->users->listUsers($optParams);

然后我收到以下PHP错误:

Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users?domain=domain.com&maxResults=10&orderBy=familyName&viewType=domain_public: (403) Not Authorized to access this resource/api' in google/composer/src/Google/Http/REST.php:110 Stack trace: #0 google/composer/src/Google/Http/REST.php(62): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request), Object(Google_Client)) #1 [internal function]: Google_Http_REST::doExecute(Object(Google_Client), Object(Google_Http_Request)) #2 google/composer/src/Google/Task/Runner.php(174): call_user_func_array(Array, Array) #3 google/composer/src/Google/Http/REST.php(46): Google_Task_Runner->run() #4 google/composer/src/Google/Client.php(593): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request)) #5 google/composer in google/composer/src/Google/Http/REST.php on line 110

1 个答案:

答案 0 :(得分:1)

好像只是定义了viewType optParam。 ' viewType' => ' domain_public'是无效的。一旦删除,查询就有效。