这是我的代码:
def addUsersToGroup(users,group):#users is a list of emails.
SCOPES1 = 'https://www.googleapis.com/auth/admin.directory.group'
store = file.Storage('token.json')
creds = store.get()
if not creds or creds.invalid:
flow = client.flow_from_clientsecrets('credentials.json', SCOPES1)
creds = tools.run_flow(flow, store)
service = build('admin', 'directory_v1', http=creds.authorize(Http()))
groupbody={'email':group}
add_group = service.groups().insert(body=groupbody).execute() #making the group
for user in users:
emailbody = {'email':user}
group_add=service.members().insert(groupKey=groupbody, body=emailbody).execute()
运行此程序时,我可以创建一个组,但不能向其中添加成员。我已经为我的Google管理员帐户启用了域范围的访问范围https://www.googleapis.com/auth/admin.directory.group。
这是错误代码:
raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 403 when requestinghttps://www.googleapis.com/admin/directory/v1/groups/%7B%27email%27%3A%20%
27alfabetet%40ntnui.no%27%7D/members?alt=json returned "Not Authorized
to access this resource/api">
有帮助吗? :)
答案 0 :(得分:0)
基于此thread,这可能是权限问题。
似乎此问题与此处的主题有关: Received error "Not Authorized to access this resource/api" when trying to use Google Directory API and Service Account Authentication
您需要将具有管理员权限的帐户电子邮件传递到凭据中 像这样:
credentials = SignedJwtAssertionCredentials('CLIENT_EMAIL', key, scope='https://www.googleapis.com/auth/admin.directory.user', sub='superadmin@domain.com')
此过程现在记录在:https://developers.google.com/admin-sdk/directory/v1/guides/delegation