我正在使用Google Directory API,oauth2和PHP的服务帐户,从命令行运行。
作为第一步,我只是尝试检索单个用户对象。这是代码:
require_once realpath(__DIR__ . '/../vendor/autoload.php');
session_start();
define('APPLICATION_NAME', 'Directory API PHP Quickstart');
define('SCOPES', implode(' ',
array(Google_Service_Directory::ADMIN_DIRECTORY_USER_READONLY)));
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/XXXXXXXX.json');
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->addScope(SCOPES);
$client->setSubject('me@mydomain.com');
$httpClient = $client->authorize();
$response =
$httpClient->get('https://www.googleapis.com/admin/directory/v1/users/me@mydomain.com');
print $response->getBody();
以下是我得到的回复:
Uncaught exception 'GuzzleHttp\Exception\ClientException' with message 'Client error: `POST https://www.googleapis.com/oauth2/v4/token` resulted in a `401 Unauthorized` response:
{
"error": "unauthorized_client",
"error_description": "Unauthorized client or scope in request."
}
' in /var/www/feeds/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:107
Stack trace: #0 /var/www/feeds/vendor/guzzlehttp/guzzle/src/Middleware.php(65): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response))
#1 /var/www/feeds/vendor/guzzlehttp/promises/src/Promise.php(203): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
#2 /var/www/feeds/vendor/guzzlehttp/promises/src/Promise.php(156): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), Array)
#3 /var/www/feeds/vendor/guzzlehttp/promises/src/TaskQueue.php(61): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}()
#4 /var/www/feeds/vendor/guzzlehttp/promis in /var/www/feeds/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 107
在管理控制台中>安全>管理API客户端访问,我已使用这些API范围输入客户端ID:
View and manage the provisioning of groups on your domain
https://www.googleapis.com/auth/admin.directory.group
View and manage the provisioning of users on your domain
https://www.googleapis.com/auth/admin.directory.user
Groups Settings
https://www.googleapis.com/auth/apps.groups.settings
我用于该主题的帐户('me@mydomain.com')是该域名的超级管理员。为服务帐户启用了域范围的委派。
我在这里俯瞰什么?任何帮助将不胜感激。
答案 0 :(得分:0)
检查您是否在管理控制台中启用了API,还要检查您的Google Project for Admin SDK中是否已启用该服务。