Google Directory API - 获取错误权限不足（403）更新用户密码时

Question

我正在尝试使用Google Admin SDK更改用户的密码并使用Google Directory API。

这是我的代码：

<?php
require_once __DIR__ . '/vendor/autoload.php';


define('APPLICATION_NAME', 'CRONDAQ');
define('CREDENTIALS_PATH', '/root/.credentials/admin-directory_v1-php-quickstart.json');
define('CLIENT_SECRET_PATH', __DIR__ . '/client_secret.json');
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/admin-directory_v1-php-quickstart.json
define('SCOPES', implode(' ', array(
  Google_Service_Directory::ADMIN_DIRECTORY_USER)
));

if (php_sapi_name() != 'cli') {
  throw new Exception('This application must be run on the command line.');
}

/**
 * Returns an authorized API client.
 * @return Google_Client the authorized client object
 */
function getClient() {
  $client = new Google_Client();
  $client->setApplicationName(APPLICATION_NAME);
  $client->setScopes(SCOPES);
  $client->setAuthConfig(CLIENT_SECRET_PATH);
  $client->setAccessType('offline');

  // Load previously authorized credentials from a file.
  $credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
  if (file_exists($credentialsPath)) {
    $accessToken = json_decode(file_get_contents($credentialsPath), true);
  } else {
    // Request authorization from the user.
    $authUrl = $client->createAuthUrl();
    printf("Open the following link in your browser:\n%s\n", $authUrl);
    print 'Enter verification code: ';
    $authCode = trim(fgets(STDIN));

    // Exchange authorization code for an access token.
    $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);

    // Store the credentials to disk.
    if(!file_exists(dirname($credentialsPath))) {
      mkdir(dirname($credentialsPath), 0700, true);
    }
    file_put_contents($credentialsPath, json_encode($accessToken));
    printf("Credentials saved to %s\n", $credentialsPath);
  }
  $client->setAccessToken($accessToken);

  // Refresh the token if it's expired.
  if ($client->isAccessTokenExpired()) {
    $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
    file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
  }
  return $client;
}

/**
 * Expands the home directory alias '~' to the full path.
 * @param string $path the path to expand.
 * @return string the expanded path.
 */
function expandHomeDirectory($path) {
  $homeDirectory = getenv('HOME');
  if (empty($homeDirectory)) {
    $homeDirectory = getenv('HOMEDRIVE') . getenv('HOMEPATH');
  }
  return str_replace('~', realpath($homeDirectory), $path);
}

// Get the API client and construct the service object.
$client = getClient();


$service = new Google_Service_Directory($client);

$password = crypt ( "Password", $salt="IamSecretkey" );

$userObj = new Google_Service_Directory_User(
    array(
        'password' =>  $password
    )
);

try{
    $results = $service->users->update("danish@XXX.in", $userObj );
} catch(Error $ex) {
print_r($ex->getMessage());
}

echo "<pre>";
print_r($results);

以下是我收到的错误：

  

PHP致命错误：未捕获的异常＆＃39; Google_Service_Exception＆＃39;同   消息＆＃39; {＆＃34;错误＆＃34;：{＆＃34;错误＆＃34;：[{       ＆＃34;域＆＃34;：＆＃34;全球＆＃34;，       ＆＃34;原因＆＃34;：＆＃34;不足的承诺＆＃34;，       ＆＃34;消息＆＃34;：＆＃34;权限不足＆＃34; }，＆＃34;代码＆＃34;：403，＆＃34;消息＆＃34;：＆＃34;权限不足＆＃34; }}

Answer 1

＆＃34;许可不足＆＃34;可能表示您的帐户正在尝试更改其他用户的密码，而您的帐户没有进行此类更改所需的先决条件角色。

   $client = new Google_Client();
   ...
   ...
   $client->setScopes(SCOPES);
   $client->setSubject($impersonate);

...其中$ impersonate是＆＃34; adminWithRolesToMakeChanges@XXX.in"。角色在管理控制台中设置。这可能是问题吗？