服务帐户全域委托-PHP上的Google Calendar API v3 [英] Service account Domain-wide delegation - Google Calendar API v3 on PHP

问题描述

我对使用Google API PHP客户端的域范围委派有疑问( https://github.com/googleapis/google-api-php-client ).

I have a problem with the domain-wide delegation using Google API PHP Client (https://github.com/googleapis/google-api-php-client).

我知道这个问题以前曾被提出过，但是我找不到任何解决方案，所以我在这里再次询问，希望有人能解决这个问题.

I know this question has been asked before but I couldn’t find any solution, so I’m here asking again hoping that meanwhile someone solved this problem.

情况

我按照Google指南( https://developers.google.com/admin-sdk/directory/v1/guides/delegation )，但如果未明确共享日历，则无法从我的服务帐户中读取日历

I created a service account and enabled G Suite domain-wide delegation, following the google guide (https://developers.google.com/admin-sdk/directory/v1/guides/delegation), but I cannot read the calendars from my service account, if they are not explicitly shared.

我使用普通"用户日历对其进行了测试:

I tested it with a "normal" user calendar:

• 如果我不共享日历，则会收到错误找不到"
• 如果我与服务帐户共享日历(日历设置>与特定人员共享>添加服务帐户)，则可以从服务帐户读取此日历中的事件

这是代码:

<?php
require __DIR__ . '/vendor/autoload.php';

$client = new Google_Client();

putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json');
$client->useApplicationDefaultCredentials();
$client->setApplicationName('TestCalendarAPI');
$client->authorize();
$scopes = implode(' ', array(Google_Service_Calendar::CALENDAR, Google_Service_Calendar::CALENDAR_EVENTS));
$client->setScopes($scopes);

$service = new Google_Service_Calendar($client);
$optParams = array(
    'maxResults' => 10,
    'orderBy' => 'startTime',
    'singleEvents' => TRUE,
    'timeMin' => date('c')
);
$results = $service->events->listEvents('user@email.com', $optParams);
$events = $results->getItems();

if (empty($events)) {
    print "No upcoming events found.\n";
}
else {
    foreach ($events as $event) {
        printf("Summary: %s \n", $event->summary);
    }
}

---

问题

问题是我不想与服务帐户共享每个日历以读取其事件.这不是域范围委派的目的吗?

The problem is that I don't want to share every calendar with the service account to be able to read their events. Isn't this the aim of the domain-wide delegation?

此外，我想做的是读取资源的事件，但是我无法与服务帐户共享资源的日历.如果无法使域范围的委派工作，您是否知道如何与服务帐户共享资源日历?

Moreover, what I want to do is to read the events of a resource, and I'm not able to share the calendar of the resource with the service account. If there's no way to get the domain-wide delegation to work, do you know how to share the resources calendar with the service account?

在此先感谢您的帮助！

解决方案

这是我采用的解决方案(希望可以对某人有所帮助！).

This is the solution I adopted (hope that this could help someone!).

我冒充了一个订阅了我感兴趣的房间的用户:

I impersonated a user that subscribed the rooms I'm interested in:

$client->setSubject('user@email.com');

，然后阅读房间的日历:

and then read the room's calendar:

$results = $service->events->listEvents('room@email.com', $optParams);

这样，甚至不需要与服务帐户共享用户或会议室的日历！

This way, there's not even need to share the user's or the room's calendars with the service account!

推荐答案

使用服务帐户，您需要模拟域用户才能访问与该用户相同的数据，否则您只能请求访问可访问的公共数据.如果您需要每个用户的日历，则可以模拟每个用户.

With the service account you need to impersonate a domain user in order to have access to the same data as that user, otherwise you'll only be able to make requests to accessible public data. You could impersonate each user in case you need the calendar for each one.

以Google API为例 PHP库，则在设置 client 对象时可以使用 setSubject 方法:

From the example of the Google API PHP library, you can use setSubject method when setting the client object:

$client->setSubject($user_to_impersonate);

这篇关于服务帐户全域委托-PHP上的Google Calendar API v3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！