Google php客户端库loadServiceAccountJson损坏-随附修复 [英] Google php client library loadServiceAccountJson broken - fix enclosed
问题描述
php库loadServiceAccountJson
中的新功能不允许在Google_Auth_AssertionCredentials
创建者中设置sub,因此始终会导致授权失败.我们如何更新图书馆?
The new function in the php library loadServiceAccountJson
doesn't allow setting sub in the Google_Auth_AssertionCredentials
creator, so always gives authorization fails. How do we get the library updated?
以下说明将允许对Admin SDK Directory API进行有效查询:
The following instructions will allow a working query, in my case to the Admin SDK Directory API:
首先,将src/Google/Client.php
中的php库函数loadServiceAccountJson
更新为此:
First, update the php library function loadServiceAccountJson
in src/Google/Client.php
to this:
public function loadServiceAccountJson($jsonLocation, $scopes)
{
$data = json_decode(file_get_contents($jsonLocation));
if (isset($data->type) && $data->type == 'service_account') {
// Service Account format.
$cred = new Google_Auth_AssertionCredentials(
$data->client_email,
$scopes,
$data->private_key,
'notasecret',
'http://oauth.net/grant_type/jwt/1.0/bearer',
$data->sub
);
return $cred;
} else {
throw new Google_Exception("Invalid service account JSON file.");
}
}
然后,将值sub
添加到从Developer Console/APIs&中下载的服务器auth json文件中的数据中.身份验证/凭据(您需要创建一个服务帐户)-将文件命名为serverauth.json
:
Then, add a value sub
to the data in your server auth json file, downloaded from the Developer Console/APIs & Auth/Credentials (you'll need to make a Service Account) - name the file serverauth.json
:
{
"private_key_id": "removed",
"private_key": "-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----\n",
"client_email": "removed",
"client_id": "removed",
"redirect_uris":[your urls here],
"type": "service_account",
"sub": "valid.user@google.domain.com"
}
现在,获取授权:
$credentials = $client->loadServiceAccountJson('serverauth.json',"https://www.googleapis.com/auth/admin.directory.user.readonly");
$client->setAssertionCredentials($credentials);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion();
}
最后,创建一个Directory实例并对其进行查询:
And lastly, create a Directory instance and query it:
$service = new Google_Service_Directory($client);
$optParams = array(
'domain' => 'google.domain.com',
'orderBy' => 'email',
'viewType' => 'domain_public',
'query' => "givenName:'Joe' familyName:'Schmoe Jr'"
);
$results = $service->users->listUsers($optParams);
$users = $results->getUsers();
print_r($users);
推荐答案
新的Google API现在有所不同:
New Google API is bit different now:
$client = new Google_Client();
$client->setApplicationName("YourAppName");
$client->setAuthConfig(<JSON-Config-File-Location>);
$client->setScopes(array("https://www.googleapis.com/auth/admin.directory.user.readonly", "https://www.googleapis.com/auth/admin.directory.group.readonly"));
$client->setSubject(<User-Email-To-Impersonate>);
$service = new Google_Service_Directory($client);
$results = $service->users->listUsers(array('domain' => '<your-domain-name>'));
我仍在尝试找出无需假冒用户该如何获得此信息?
I'm still trying to figure out how can I get this without the need to impersonate user?
这篇关于Google php客户端库loadServiceAccountJson损坏-随附修复的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!