我正在使用Google API客户端服务来执行所有GSuite API,例如客户创建,客户订阅和客户管理员用户创建。
因此,使用API,我可以创建客户,订阅并列出客户。但是,只有我做不到的事情,即客户管理员用户的创建。
似乎需要这样的范围“ https://www.googleapis.com/auth/admin.directory.user”。
但是经过多次尝试,我启用了范围“ https://www.googleapis.com/auth/admin.directory.user.readonly”。但是我不记得我是如何启用它的,只有我记得当我尝试使用API控制台时,我选择了所有目录API进行授权,甚至也选择了“ https://www.googleapis.com/auth/admin.directory.user”。
所以现在的问题是使用API创建管理员用户。我收到错误消息“权限不足:请求的身份验证范围不足。”
我仅通过引用以下URL来完成所有这些操作。
https://developers.google.com/admin-sdk/reseller/v1/quickstart/php https://developers.google.com/admin-sdk/directory/v1/quickstart/php
因此,请帮助我授予访问“ https://www.googleapis.com/auth/admin.directory.user”的权限,以便为我的应用创建管理员用户。
我已经使用下面的脚本来做到这一点。
<?php
require __DIR__ . '/vendor/autoload.php';
if (php_sapi_name() != 'cli') {
throw new Exception('This application must be run on the command line.');
}
function getClient()
{
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
$client = new Google_Client();
$client->setApplicationName('G Suite Reseller API PHP Quickstart');
$client->setScopes(Google_Service_Reseller::APPS_ORDER);
$client->setAuthConfig('credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
$tokenPath = 'token.json';
if (file_exists($tokenPath)) {
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
}
if ($client->isAccessTokenExpired()) {
if ($client->getRefreshToken()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
} else {
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
if (array_key_exists('error', $accessToken)) {
throw new Exception(join(', ', $accessToken));
}
}
if (!file_exists(dirname($tokenPath))) {
mkdir(dirname($tokenPath), 0700, true);
}
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
}
return $client;
}
$client = getClient();
$user = new Google_Service_Directory_User($client);
$service = new Google_Service_Directory($client);
$names = new Google_Service_Directory_UserName($client);
$customerId = $cusomter_id;
$email_id = $admin_email_id;
$fname = $fname;
$lname = $lname;
$kind = "admin#directory#user";
$user->setKind($kind);
$user->setChangePasswordAtNextLogin(true);
$user->setprimaryEmail($email_id);
$user->setCustomerId($customerId);
$user->setIsAdmin(true);
$names->setFamilyName($fname);
$names->setFullName($fname);
$user->setName($names);
$user->setPassword($password);
$setEmails = array("address"=>$email_id, "type"=>"work", "primary"=>true,"isAdmin"=>true);
$user->setEmails($setEmails);
$results = $service->users->insert($user);
print_r($results);
?>
PHP Fatal error: Uncaught exception 'Google_Service_Exception' with message '{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission: Request had insufficient authentication scopes."
}
],
"code": 403,
"message": "Insufficient Permission: Request had insufficient authentication scopes."
}
}
' in google-gsuite-api/google-api-php-client-2.2.3/src/Google/Http/REST.php:118
Stack trace:
#0 google-gsuite-api/google-api-php-client-2.2.3/src/Google/Http/REST.php(94): Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#1 [internal function]: Google_Http_REST::doExecute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#2 google-gsuite-api/google-api-php-client-2.2.3/src/Google/Task/Runner.php(176): call_user_func_ in google-gsuite-api/google-api-php-client-2.2.3/src/Google/Http/REST.php on line 118