Google php客户端库loadServiceAccountJson损坏-随附修复 [英] Google php client library loadServiceAccountJson broken - fix enclosed

问题描述

php库loadServiceAccountJson中的新功能不允许在Google_Auth_AssertionCredentials创建者中设置sub，因此始终会导致授权失败.我们如何更新图书馆?

The new function in the php library loadServiceAccountJson doesn't allow setting sub in the Google_Auth_AssertionCredentials creator, so always gives authorization fails. How do we get the library updated?

以下说明将允许对Admin SDK Directory API进行有效查询:

The following instructions will allow a working query, in my case to the Admin SDK Directory API:

首先，将src/Google/Client.php中的php库函数loadServiceAccountJson更新为此:

First, update the php library function loadServiceAccountJson in src/Google/Client.php to this:

  public function loadServiceAccountJson($jsonLocation, $scopes)
  {
    $data = json_decode(file_get_contents($jsonLocation));
    if (isset($data->type) && $data->type == 'service_account') {
      // Service Account format.
      $cred = new Google_Auth_AssertionCredentials(
          $data->client_email,
          $scopes,
          $data->private_key,
          'notasecret',
          'http://oauth.net/grant_type/jwt/1.0/bearer',
          $data->sub
      );
      return $cred;
    } else {
      throw new Google_Exception("Invalid service account JSON file.");
    }
  }

然后，将值sub添加到从Developer Console/APIs&中下载的服务器auth json文件中的数据中.身份验证/凭据(您需要创建一个服务帐户)-将文件命名为serverauth.json:

Then, add a value sub to the data in your server auth json file, downloaded from the Developer Console/APIs & Auth/Credentials (you'll need to make a Service Account) - name the file serverauth.json:

{
  "private_key_id": "removed",
  "private_key": "-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----\n",
  "client_email": "removed",
  "client_id": "removed",
  "redirect_uris":[your urls here],
  "type": "service_account",
  "sub": "valid.user@google.domain.com"
}

现在，获取授权:

$credentials = $client->loadServiceAccountJson('serverauth.json',"https://www.googleapis.com/auth/admin.directory.user.readonly");
$client->setAssertionCredentials($credentials);
if ($client->getAuth()->isAccessTokenExpired()) {
    $client->getAuth()->refreshTokenWithAssertion();
}

最后，创建一个Directory实例并对其进行查询:

And lastly, create a Directory instance and query it:

$service = new Google_Service_Directory($client);
$optParams = array(
        'domain' => 'google.domain.com',
        'orderBy' => 'email',
        'viewType' => 'domain_public',
        'query' => "givenName:'Joe' familyName:'Schmoe Jr'"
);
$results = $service->users->listUsers($optParams);
$users = $results->getUsers();

print_r($users);

推荐答案

新的Google API现在有所不同:

New Google API is bit different now:

$client = new Google_Client();
$client->setApplicationName("YourAppName");
$client->setAuthConfig(<JSON-Config-File-Location>);
$client->setScopes(array("https://www.googleapis.com/auth/admin.directory.user.readonly", "https://www.googleapis.com/auth/admin.directory.group.readonly"));
$client->setSubject(<User-Email-To-Impersonate>);

$service = new Google_Service_Directory($client);
$results = $service->users->listUsers(array('domain' => '<your-domain-name>'));

我仍在尝试找出无需假冒用户该如何获得此信息?

I'm still trying to figure out how can I get this without the need to impersonate user?

这篇关于Google php客户端库loadServiceAccountJson损坏-随附修复的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！