电子邮件审核API-禁止使用403 [英] Email Audit API - 403 Forbidden
问题描述
我正在尝试使用电子邮件审核API下载用户的邮箱.我收到此代码的403禁止响应(错误发生在最后一行,对UploadPublicKey方法的调用):
I am trying to download a user's mailbox using the Email Audit API. I am getting a 403 Forbidden response to this code (the error occurs on the last line, the call to the UploadPublicKey method):
var certificate = new X509Certificate2(System.Web.HttpRuntime.AppDomainAppPath + "key.p12", "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { "https://apps-apis.google.com/a/feeds/compliance/audit/" }
}.FromCertificate(certificate));
credential.RequestAccessTokenAsync(System.Threading.CancellationToken.None).Wait();
DebugLabel.Text = credential.Token.AccessToken;
var requestFactory = new GDataRequestFactory("My App User Agent");
requestFactory.CustomHeaders.Add(string.Format("Authorization: Bearer {0}", credential.Token.AccessToken));
AuditService aserv = new AuditService(strOurDomain, "GoogleMailAudit");
aserv.RequestFactory = requestFactory;
aserv.UploadPublicKey(strPublicKey);
我已经在开发人员控制台中创建了服务帐户,并授予了客户ID访问
I have created the service account in the Developers Console and granted the Client ID access to https://apps-apis.google.com/a/feeds/compliance/audit/ in the Admin console.
在我看来,该帐户应该具有所需的所有权限,但没有.知道我缺少什么吗?
Seems to me like the account should have all the permissions it needs, yet it doesn't. Any idea what I am missing?
推荐答案
好,所以我放弃了尝试使其与服务帐户一起使用的方法,即使那是Google的文档会导致您认为这是正确的方法做吧.通过电子邮件向Google支持小组发送电子邮件后,我了解到我可以将OAuth2用于在开发人员控制台上创建应用程序的超级用户帐户.
OK, so I gave up on trying to make it work with a service account even though that is what Google's documentation would lead you to believe is the correct way to do it. After emailing Google support, I learned I could just use OAuth2 for the super user account that created the application on the developer's console.
因此,我接着按照以下概述的过程来获取用于脱机访问的访问令牌(刷新令牌): 带有OAuth的Youtube API单用户方案(上传视频) 然后获取该刷新令牌并将其与以下代码配合使用:
So then I worked on getting an access token for offline access (a refresh token) by following the process outlined here: Youtube API single-user scenario with OAuth (uploading videos) and then taking that refresh token and using it with this code:
public static GOAuth2RequestFactory RefreshAuthenticate(){
OAuth2Parameters parameters = new OAuth2Parameters(){
RefreshToken = "<YourRefreshToken>",
AccessToken = "<AnyOfYourPreviousAccessTokens>",
ClientId = "<YourClientID>",
ClientSecret = "<YourClientSecret>",
Scope = "https://apps-apis.google.com/a/feeds/compliance/audit/",
AccessType = "offline",
TokenType = "refresh"
};
OAuthUtil.RefreshAccessToken(parameters);
return new GOAuth2RequestFactory(null, "<YourApplicationName>", parameters);
}
这是此处的代码 https://stackoverflow.com/a/23528629/5215904 (除非我更改了倒数第二行...无论出于何种原因,共享的代码在我进行更改之前都无法起作用.
which is code from here https://stackoverflow.com/a/23528629/5215904 (Except I changed the second to last line... for whatever reason the code shared did not work until I made that change).
因此,我终于可以为自己获取访问令牌,该令牌使我可以访问Email Audit API.一旦我停止尝试弄乱服务帐户,一切就变得轻而易举.
So there I was finally able to get myself an access token that would allow me access to the Email Audit API. From there everything was a breeze once I stopped trying to mess around with a service account.
这篇关于电子邮件审核API-禁止使用403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!