Gmail API 域范围的委派 [英] Gmail API domain-wide delegation

问题描述

我正在使用 Gmail API，并且正在尝试从公司下的所有用户那里获取电子邮件.但是当我运行如下代码时:

I am using Gmail API and I am trying to fetch emails from all users under company. But when I run code such as:

function runAPI(auth) {
  var gmail = google.gmail('v1');
  gmail.users.threads.list({auth: auth, userId: '108800016305523828361'},'',function(err, response){
    if (err) {
      console.log("The API returned an error: " + err);
      return;
    }
    var threads = response.threads;
    console.log(threads);
  })
}

出现错误:

API 返回错误:错误:xxxx@xxxxx.com 的委托被拒绝

The API returned an error: Error: Delegation denied for xxxx@xxxxx.com

在管理控制台中我这样做了:

In admin console I did this:

我使用了 client_secret.json 文件中的 id 作为客户端名称.对于范围，我给了它所有权限.

As client name I used id from the client_secret.json file. And for scope, I gave it all permissions.

如何为 Gmail API 正确设置域范围的委派?

How do I properly setup domain wide delegation for Gmail API ?

推荐答案

设置很好，但是在您的代码中您做错了.

The setup is fine, however in your code you're doing it wrong.

此代码:

gmail.users.threads.list({auth: auth, userId: '108800016305523828361'},'',function(err, response)

gmail.users.threads.list({auth: auth, userId: '108800016305523828361'},'',function(err, response)

特别是.

userId 应该是me"但是在您可以调用 Gmail API 之前，您需要在代码中使用服务帐户JWT 流"来检索您想要使用的 Gmail 用户的 oauth2 凭据如准备进行授权的 API 调用服务帐户域中所述的访问委托文件.

userId should be "me" however before you can call the Gmail API you need to use the service account "JWT flow" in your code to retrieve an oauth2 credential for the Gmail user you want to access as described in the Preparing to make an authorized API call service account domain-wide delegation doc.

特别是这使用您的服务帐户的私钥来请求为您想要的用户获取凭据(在您的域中设置您要访问的域中的用户电子邮件setServiceAccountUser(user@example.com) 函数在请求中).然后，您可以在调用 Gmail API 时使用该 GoogleCredential.

Specifically this uses your service account's private key to request to get a credential for the user you desire (set the user's email in your domain that you want to access in the setServiceAccountUser(user@example.com) function in the request). Then you can use that GoogleCredential in your call to the Gmail API.

这篇关于Gmail API 域范围的委派的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！