非管理员用户的google admin SDK [英] google admin SDK for non admin-user
问题描述
- 我在开发者控制台中创建了Google应用.
- 启用管理SDK
- 启用API访问权限
- 在管理OAuth客户端访问"中,我添加了授权的API客户端" " https://www.googleapis.com/auth/admin.directory.user"范围.
- I created google app in developer console.
- Enable Admin SDK
- Enable API access
- In "Manage OAuth Client access" i added "Authorized API client" with "https://www.googleapis.com/auth/admin.directory.user" scope.
此外,我想从我的域中吸引用户.
Further, i want to get users from my domain.
JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
ArrayList<String> scopeList = new ArrayList<>();
scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY);
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("bla-bla@developer.gserviceaccount.com")
.setServiceAccountScopes(scopeList)
.setServiceAccountPrivateKeyFromP12File(new File("p12 file")))
.setServiceAccountUser("superadmin@my-domain.com")
.build();
credential.setAccessToken("access token of current google user");
Directory admin = new Directory.Builder(httpTransport, JSON_FACTORY, credential)
.setApplicationName("Capsidea")
.setHttpRequestInitializer(credential).build();
return admin.users().list().setDomain("my-domain.com").execute();
当我通过superadmin@my-domain.com通过OAuth登录到Google时,所有功能都可以正常使用. 但是,当我通过some-user-non-admin@my-domain.com登录时,出现错误: 未授权访问此资源/api"
All it's working when i login into google via OAuth by superadmin@my-domain.com. But when i logined by some-user-non-admin@my-domain.com i have the error: "Not Authorized to access this resource/api"
非管理员用户可以获取域中所有用户的列表吗? 当域更改时,鉴于必须指定superadmin'a,因此此代码将起作用. 有什么想法吗?
Can an non admin user to get a list of all users in the domain? When the domain change this code will work given that it is necessary to specify superadmin'a ? Any ideas?
推荐答案
setServiceAccountUser需要能够使用Admin API的用户(有一个细粒度的角色配置工具).
setServiceAccountUser needs a user capable of Admin API usage (there is a fine-grained role configuration tool).
请声明需要这样的用户才能使您的代码正常工作.
Do state that such a user is needed for your code to work.
这篇关于非管理员用户的google admin SDK的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!