Question

我正在开发使用Google Apps转销商API（Found here）的项目。

我遇到了403 Forbidden Exception。

代码（大部分来自Google Codelab示例Here：

try {
        try {

        Reseller service = GoogleResellerApiUtil.getResellerService();

        Customer customerRecord = service.customers().get("acme.com").execute(); //crashes here
    // "acme.com" is also used in the example from Google
        System.out.println(customerRecord.toString());


    } catch (GoogleJsonResponseException e) {
        e.printStackTrace();
    }

这是我用来连接API的类。我提供了一个p12文件并且它使用了服务帐户，在调用API时它会冒充其中一个超级管理员，因此应该允许它进行所有调用。

目前我只使用只读范围。

public class GoogleResellerApiUtil {
    /** HTTP_TRANSPORT */
    private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();

    /** JSON Factory*/
    private static final JsonFactory JSON_FACTORY = new JacksonFactory();

    /** Service Account Email */
    public static final String SERVICE_ACCOUNT_EMAIL = "****@appspot.gserviceaccount.com";

    /** P12 File Location */
    public static final String PRIVATE_KEY_FILE = "WEB-INF/key.p12";

    /** Reseller Admin Account to impersonate */
    public static final String RESELLER_ADMIN = "**.**@**.com";

    /** Scopes */
    public static final List<String> SCOPES = Arrays.asList(ResellerScopes.APPS_ORDER_READONLY);

    /** Application name. */
    private static final String APPLICATION_NAME = "**-subscription-portal";

    /** Logger */
    private final static Logger LOGGER =
        Logger.getLogger(GoogleResellerApiUtil.class.getName());



    public static GoogleCredential getCredentials() throws IOException {

        GoogleCredential credentials = null;

        try {
            credentials = new GoogleCredential.Builder()
                .setTransport(HTTP_TRANSPORT)
                .setJsonFactory(JSON_FACTORY)
                .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
                .setServiceAccountScopes(SCOPES)
                .setServiceAccountUser(RESELLER_ADMIN)
                .setServiceAccountPrivateKeyFromP12File(new File(PRIVATE_KEY_FILE))
                .build();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }

        System.out.println("credential has been build, returning credential "); //this gets printed, so I think the credentials are valid?
    return credentials;
}

    /**
     * Build and return an authorized Reseller client service.
     * @return an authorized Reseller client service
     * @throws IOException
     */
    public static Reseller getResellerService() throws Exception {
        Credential credential = getCredentials();
        return new Reseller.Builder(
            HTTP_TRANSPORT, JSON_FACTORY, credential)
            .setApplicationName(APPLICATION_NAME)
            .build();
    }
}

但是在拨打电话时收到以下错误消息：

com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Forbidden",
    "reason" : "forbidden"
  } ],
  "message" : "Forbidden"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
etc. etc. etc.

Answer 1

在Reseller API: Manage Subscriptions中注明

注意：如果customerAuthToken无效或已过期，则API响应将返回403＆＃34; Forbidden＆＃34;错误。

要解决此问题，请确保请求必须由有权访问数据的经过身份验证的用户授权。正如Reseller API: Authorizing

中所述

注意：授予转销商API权限的用户必须是域超级管理员。

除此之外，在Token expiration中建议您编写代码以预测授予的令牌可能不再有效的可能性。由于以下原因之一，令牌可能会停止工作：

用户已撤销访问权限。
该令牌已使用六个月。
用户更改了密码，令牌包含Gmail范围。
用户帐户已超过一定数量的令牌请求。

希望有所帮助！

Google Reseller API获取GoogleJsonResponseException：403 Forbidden

1 个答案: