带有服务帐户的Google目录API不起作用

时间:2016-10-05 13:20:55

标签: php google-api google-api-client

我使用的是Google PHP客户端库,但代码无效。

当我尝试从OAuth 2.0 Playground或https://developers.google.com/admin-sdk/directory/v1/reference/groups/insert尝试添加组时,尝试使用该部分,API工作正常,但是代码会出现以下错误:

Error refreshing the OAuth2 token, message: '{
 "error" : "unauthorized_client",
 "error_description" : "Unauthorized client or scope in request."
}'

代码:

public $scopes = array(
    //'https://www.googleapis.com/auth/admin.directory.user.readonly',
    //'https://www.googleapis.com/auth/admin.directory.group.member',
    'https://www.googleapis.com/auth/admin.directory.group',

    'https://www.googleapis.com/auth/apps.groups.settings',
    'https://www.googleapis.com/auth/admin.directory.group.member.readonly',
    'https://www.googleapis.com/auth/admin.directory.group.readonly'
);

$this->client = new Google_Client();

$this->client->setApplicationName("Test app");
$key = file_get_contents(APPPATH . $this->key_file_location);

$cred = new Google_Auth_AssertionCredentials(
    $this->email_address, $this->scopes, $key
);
$cred->sub = $this->sub;
$this->client->setAssertionCredentials($cred);
if ($this->client->getAuth()->isAccessTokenExpired()) {
    $this->client->getAuth()->refreshTokenWithAssertion($cred);
}

$this->dir = new Google_Service_Directory($this->client);

我的密钥和子密码是正确的,当我从范围中删除https://www.googleapis.com/auth/admin.directory.group时,我的代码工作正常。

0 个答案:

没有答案