我试图通过Google管理目录API列出用户。
import logging
import os
from google.appengine.api import memcache
from googleapiclient import discovery
from oauth2client.contrib.appengine import AppAssertionCredentials
import httplib2
from flask import Flask
credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/admin.directory.user')
auth_http = credentials.authorize(httplib2.Http(cache=memcache))
service = discovery.build('admin', 'directory_v1', http=auth_http)
@app.route('/list')
def list():
results = service.users().list(domain='example.com', maxResults=10, orderBy='email').execute()
return 'success'
app = Flask(__name__)
我在App Engine中运行此功能,并按照https://developers.google.com/api-client-library/python/auth/service-accounts
中的说明为App Engine默认服务帐户启用了域范围的委派这是我得到的错误: HttpError:https://www.googleapis.com/admin/directory/v1/users?orderBy = email& domain = example.com& salt = json& amp ; maxResults = 10返回"未授权访问此资源/ api">
答案 0 :(得分:2)
按照Delegating domain-wide authority to the service account:
中指示的步骤操作然后,G Suite域管理员必须完成以下步骤:
确保您的服务帐户设置为管理员。