我正在尝试从Reports API获取数据。
我获得服务帐户的访问令牌并在GET请求中使用它。始终响应
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Access denied. You are not authorized to read activity records.",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Access denied. You are not authorized to read activity records."
}
}
我正在使用Java进行请求。没有Google API库(客户要求)。源代码是
String urlString = "https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/drive?maxResults=25";
URL url = new URL(urlString);
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
// optional default is GET
urlConnection.setRequestMethod("GET");
urlConnection.setDoInput(true);
// Add request header.
urlConnection.setRequestProperty("Authorization", "Bearer " + accessToken.getValue());
int responseCode = urlConnection.getResponseCode();
System.out.println("\nSending 'GET' request to URL : " + urlString);
System.out.println("Response Code : " + responseCode);
BufferedReader bufferedReader;
if (responseCode == 200) {
bufferedReader = new BufferedReader(
new InputStreamReader(urlConnection.getInputStream()));
} else {
bufferedReader = new BufferedReader(
new InputStreamReader(urlConnection.getErrorStream()));
}
String inputLine;
StringBuffer stringBuffer = new StringBuffer();
while ((inputLine = bufferedReader.readLine()) != null) {
stringBuffer.append(inputLine);
}
bufferedReader.close();
System.out.println(stringBuffer.toString());
能请你帮我我所缺少的吗?
关于, 亚历山大。
答案 0 :(得分:1)
“访问被拒绝。您无权读取活动记录。”,
意味着您被认证的用户无权执行您尝试执行的操作。要通过此api使用服务帐户,您需要设置domain wide delegation
在企业应用程序中,您可能需要以编程方式访问用户的数据,而无需他们的任何手动授权。在G Suite域中,域管理员可以授予第三方应用程序对其用户数据具有域范围的访问权限-这称为域范围的授权。为了以这种方式委派权限,域管理员可以将服务帐户与OAuth 2.0结合使用。
- 转到您的G Suite域的管理控制台。
- 从控件列表中选择“安全性”。如果您没有看到“安全性”列表,请从页面底部的灰色栏中选择“更多控件”,然后从控件列表中选择“安全性”。
- 从选项列表中选择“高级设置”。
- 在“身份验证”部分中选择“管理第三方OAuth客户端访问权限”。
- 在“客户名称”字段中输入服务帐户的客户ID。
- 在“一个或多个API范围”字段中,输入应授予您的应用程序访问权限的范围列表(请参见下图)。例如,如果您需要在域范围内访问活动报告,请输入:https://www.googleapis.com/auth/admin.reports.audit.readonly
- 单击“授权”按钮。
答案 1 :(得分:0)
就是下面的代码。这里有两件事非常重要:电子邮件 ID,即 SERVICE_ACCOUNT_EMAIL 和 json 文件 SERVICE_ACCOUNT_PKCS12_FILE_PATH:
来源:https://developers.google.com/admin-sdk/reports/v1/guides/delegation
我正在使用它的 GO 版本,在使用了 2 天后,它就像一个魅力:))(顺便说一下,可以在此处找到 GO 版本:https://developers.google.com/admin-sdk/directory/v1/guides/delegation#go)
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson.JacksonFactory;
import com.google.api.services.admin.reports.Reports;
import com.google.api.services.admin.reports.ReportsScopes;
...
/** Email of the Service Account */
private static final String SERVICE_ACCOUNT_EMAIL = "<some-id>@developer.gserviceaccount.com";
/** Path to the Service Account's Private Key file */
private static final String SERVICE_ACCOUNT_PKCS12_FILE_PATH = "/path/to/<public_key_fingerprint>-privatekey.p12";
/**
* Build and returns a Reports service object authorized with the service accounts
* that act on behalf of the given user.
*
* @param userEmail The email of the user. Needs permissions to access the Admin APIs.
* @return Reports service object that is ready to make requests.
*/
public static Reports getReportsService(String userEmail) throws GeneralSecurityException,
IOException, URISyntaxException {
HttpTransport httpTransport = new NetHttpTransport();
JacksonFactory jsonFactory = new JacksonFactory();
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(ReportsScopes.ADMIN_REPORTS_AUDIT_READONLY)
.setServiceAccountUser(userEmail)
.setServiceAccountPrivateKeyFromP12File(
new java.io.File(SERVICE_ACCOUNT_PKCS12_FILE_PATH))
.build();
Reports service = new Reports.Builder(httpTransport, jsonFactory, null)
.setHttpRequestInitializer(credential).build();
return service;
}