Google Adminsdk目录API访问 [英] Google Adminsdk Directory API access
问题描述
我正在尝试获取已向指定客户ID注册的chrome设备的列表.
I am trying to get the list of chrome devices registered with the specified customer Id.
我已经完成了以下步骤.
I have done the following Steps.
- 启用了Google Admin Directory API
- 创建了服务帐户,并下载了jwt.json文件用于 连通性.
- 启用了域范围的G-Suite委派特权.
-
将此客户端ID注册为授权的API客户端,通过Google 管理员(管理API客户端访问权限)
- Enabled Google Admin Directory API
- Created Service Account and downloaded the jwt.json file for connectivity.
- Enabled the Domain wide G-Suite Delegation previlige.
Registered this client id as authorized API client Thru Google Admin(Manage API client access)
客户ID:我们的客户ID API范围:查看和管理Chrome操作系统设备的元数据 https://www. googleapis.com/auth/admin.directory.device.chromeos 查看您的Chrome操作系统设备的元数据
Client Id : our clientid API Scope: View and manage your Chrome OS devices' metadata https://www.googleapis.com/auth/admin.directory.device.chromeos View your Chrome OS devices' metadata https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly Next I used my Node module to Generate the JWT access
令牌创建成功.
{"access_token":"ya29.c.KpEB****K*********lufaGlx5k********hvAdADxBhOA****8R3rnTPKKnVb97sdPFG66wHy4FPrnx6KskafKXrBBfEgILdDelP-n5irpKm5h8y8oBWHO*******Xg","token_type":"Bearer","expiry_date":1587150649000,"refresh_token":"jwt-placeholder"}
现在,我正尝试使用此Bearer令牌来访问以下API
Now i am trying to use this Bearer toke to access the following API
https://www.googleapis.com/admin /directory/v1/customer/ourcustomerid/devices/chromeos
这总是会出现以下错误.
This is always giving the following error.
{
"error": {
"errors": [{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
不确定是什么问题.
推荐答案
Then I have added the subject as impersonated users email address.
const jwtAuth = new google.auth.JWT(
quickstart.client_email,
null,
quickstart.private_key,
[
'https://www.googleapis.com/auth/admin.directory.device.chromeos',
'https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly'
],
'email address of the impersonated user',
);
这篇关于Google Adminsdk目录API访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!