我正在尝试使用gmail api将代理设置为用户,但出现403错误:“拒绝inbound.admin@mydomain.com的代理”
首先,在开发人员控制台中,我创建了一个具有域范围委派的服务帐户=>我创建了一个密钥文件(代码在下面的prov-demo-picpus-sofiam-087d89bad40e.json) 然后我给了它在谷歌管理控制台的两个范围: -https://www.googleapis.com/auth/gmail.settings.basic -https://www.googleapis.com/auth/gmail.settings.sharing
然后,要列出用户“ syl.guy@mydomain.com”的代表,我的代码如下:
public class TestGoogle {
private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
static GoogleCredential addServiceAccountGoogleCredentialAndProxy(GoogleCredential credential, String user) throws IOException, GeneralSecurityException {
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
GoogleCredential credentialModifed = (new GoogleCredential.Builder()).setTransport(credential.getTransport()).setJsonFactory(credential.getJsonFactory()).setServiceAccountId(credential.getServiceAccountId())
.setServiceAccountScopes(credential.getServiceAccountScopes()).setServiceAccountPrivateKey(credential.getServiceAccountPrivateKey())
.setServiceAccountPrivateKeyId(credential.getServiceAccountPrivateKeyId()).setServiceAccountUser(user).build();
return credentialModifed;
}
public static void main(String[] args) throws IOException, GeneralSecurityException {
List<String> scopes = new ArrayList<String>();
scopes.add("https://www.googleapis.com/auth/gmail.settings.basic");
scopes.add("https://www.googleapis.com/auth/gmail.settings.sharing");
GoogleCredential credential = GoogleCredential.fromStream(new FileInputStream("./target/classes/prov-demo-picpus-sofiam-087d89bad40e.json"))
.createScoped(scopes);
GoogleCredential credential2 = addServiceAccountGoogleCredentialAndProxy(credential,"inbound.admin@mydomain.com");
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
Gmail gmail = new Gmail.Builder(HTTP_TRANSPORT, JSON_FACTORY,credential2).setApplicationName("appli-testsg").build();
Gmail.Users.Settings.Delegates.List request2 = gmail.users().settings().delegates().list("syl.guy@mydomain.com");
List<Delegate> delegates = request2.execute().getDelegates();
System.out.println(delegates.toString());
使用上面的代码,我在输出控制台中得到以下结果:
Exception in thread "main" com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Delegation denied for inbound.admin@mydomain.com",
"reason" : "forbidden"
} ],
"message" : "Delegation denied for inbound.admin@mydomain.com"
}
但是,如果实例化的Gmail对象的凭据可以模拟我要查看/修改的用户,那么它就可以正常工作! 如果修改该行:
GoogleCredential credential2 = addServiceAccountGoogleCredentialAndProxy(credential,"inbound.admin@mydomain.com");
作者:
GoogleCredential credential2 = addServiceAccountGoogleCredentialAndProxy(credential,"syl.guy@mydomain.com");
我在输出控制台中看到一个结果:
[{"delegateEmail":"elsa@mydomain.com","verificationStatus":"accepted"}]
pb是,如果我有100个用户来设置其代表,则需要实例化100个GoogleCredential和Gmail对象?你能确认吗?