获取403 - 禁止Google服务帐户 [英] Getting a 403 - Forbidden for Google Service Account

问题描述

我正尝试为Google服务帐户获取访问令牌。以下是我的代码 -

I am trying to get an access token for Google Service Account. Following is my code -

String SERVICE_ACCOUNT_EMAIL = "edited@developer.gserviceaccount.com";
List scope = new ArrayList();
scope.add("https://www.googleapis.com/auth/admin.directory.user");
String keyFile = "C:\\edited-privatekey.p12";
HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
JsonFactory JSON_FACTORY = new JacksonFactory();
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(scope)
.setServiceAccountPrivateKeyFromP12File(new java.io.File(keyFile))
.build();

credential.refreshToken();
String accessTokens = credential.getAccessToken();

尽管代码工作正常，我确实得到了一个访问令牌，当我尝试使用它来'使用Google Directory API GET'Google Apps用户，我收到403 - Forbidden响应代码。有人可以帮忙吗？

我知道GET用户的代码是正确的，因为它可以与Google Apps管理员生成的访问令牌一起使用。

Although the code works fine and I do get an access token, when I try to use it to 'GET' a Google Apps User using the Google Directory APIs, I get a 403 - Forbidden response code. Could someone please help?
I know the code for GET user is correct because it works fine with the access token generated by Google Apps Admin.

推荐答案

您需要设置一个管理帐户：

You need to set an admin account with:

.setServiceAccountUser(some_admin_email)

并确保您的应用程序（具有正确的作用域）在cPanel中被授予访问权。

And make sure your App (with the correct scopes) is granted access in the cpanel.

这篇关于获取403 - 禁止Google服务帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！