我已经创建了一个服务帐户,并为其客户端ID提供了范围https://www.googleapis.com/auth/admin.directory.group当我运行以下代码时,我收到403错误:Insuffient Permission。
<?php
// Requires >= PHP 5.4
require_once(__DIR__ . '/vendor/autoload.php');
date_default_timezone_set('America/Chicago');
$settings = [
'creds_path' => '/path/to/service_creds.json',
'group_email' => 'group@email.com',
'service_email' => 'service@email.com'
];
putenv("GOOGLE_APPLICATION_CREDENTIALS={$settings['creds_path']}");
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->addScope(Google_Service_Directory::ADMIN_DIRECTORY_GROUP);
// $client->setSubject('admin@email.com');
$service = new Google_Service_Groupssettings($client);
try {
print_r($service->groups->get($settings['group_email'], ['alt' => 'json']));
} catch(Google_Service_Exception $e) {
if($e->getCode() == 404) {
echo "Group {$settings['group_email']} not found.\n";
exit;
} elseif($e->getCode() == 403) {
echo "Insufficient Permissions.\n";
exit;
} else {
throw $e;
}
}
我在某处读到服务帐户必须冒充有权访问admin sdk的人,这就是注释掉的行所尝试的内容,但它没有用。
有谁知道什么是错的?
required的代码来自https://github.com/google/google-api-php-client
答案 0 :(得分:0)
最终我正在使用错误的课程。我将Google_Service_Groupssettings切换为Google_Service_Directory并取消注释setSubject来电,现在可以正常使用。