我正在尝试从在App Engine上运行的Java应用程序内部访问Google Admin Directory API以创建新的Google网上论坛。我正在使用以下依赖项:
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client</artifactId>
<version>1.25.0</version>
</dependency>
<dependency>
<groupId>com.google.api-client</groupId>
<artifactId>google-api-client-appengine</artifactId>
<version>1.25.0</version>
</dependency>
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-admin-directory</artifactId>
<version>directory_v1-rev105-1.25.0</version>
</dependency>
然后我试图创建一个Google网上论坛,如下所示:
final List<String> SCOPES = Collections.singletonList(DirectoryScopes.ADMIN_DIRECTORY_GROUP);
AppIdentityCredential appCredential = new AppIdentityCredential(SCOPES);
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
Directory directory = new Directory.Builder(HTTP_TRANSPORT, JSON_FACTORY, getClientCredential())
.setApplicationName("Test")
.build();
com.google.api.services.admin.directory.model.Group group = new Group();
group.setEmail("test@test.com");
group.setName("test_group");
group.setDescription("test_group_desc");
Group googleGroup = directory.groups().insert(group).execute();
我收到一个403错误,我认为我需要以其他方式进行身份验证。我查看了以下有关在Google App Engine上使用Java的Google API客户端库的指南:
https://developers.google.com/api-client-library/java/google-api-java-client/app-engine
这提供了指向using OAuth 2.0 with the authorization code flow for Google App Engine applications上的指南的链接
该指南提供了以下示例,说明如何创建GoogleAuthorizationCodeFlow,但是没有解释getClientCredential()是什么或在该例行程序中应该做什么:
return new GoogleAuthorizationCodeFlow.Builder(HTTP_TRANSPORT, JSON_FACTORY,
getClientCredential(), Collections.singleton(CalendarScopes.CALENDAR)).setDataStoreFactory(
DATA_STORE_FACTORY).setAccessType("offline").build();
关于使用App Engine身份API的这一部分看起来很有希望,但是没有说明如何将其与Google Admin Directory API客户端库一起使用:
https://cloud.google.com/appengine/docs/standard/java/appidentity/#asserting_identity_to_google_apis
从在App Engine上运行的应用程序进行身份验证需要做什么?
答案 0 :(得分:0)
我建议您检查java quickstart sample中的Google Admin SDK目录API。
例如,您可以使用getCredentials代替getClientCredential
/**
* Creates an authorized Credential object.
* @param HTTP_TRANSPORT The network HTTP Transport.
* @return An authorized Credential object.
* @throws IOException If the credentials.json file cannot be found.
*/
private static Credential getCredentials(final NetHttpTransport HTTP_TRANSPORT) throws IOException {
// Load client secrets.
InputStream in = AdminSDKDirectoryQuickstart.class.getResourceAsStream(CREDENTIALS_FILE_PATH);
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
// Build flow and trigger user authorization request.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
.setDataStoreFactory(new FileDataStoreFactory(new java.io.File(TOKENS_DIRECTORY_PATH)))
.setAccessType("offline")
.build();
LocalServerReceiver receiver = new LocalServerReceiver.Builder().setPort(8888).build();
return new AuthorizationCodeInstalledApp(flow, receiver).authorize("user");
}