当调用users().list()。execute()时,Google Directory API返回Not Authorized [英] Google Directory API returns Not Authorized when call users().list().execute()

查看:93
本文介绍了当调用users().list()。execute()时,Google Directory API返回Not Authorized的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述



因此,我去了我的Google API控制台并启用了 Admin SDK ,并创建了服务帐户以调用Google API。我使用以下Google库




  • google-api-services-admin-directory_v1-rev11-1.16.0-rc.jar

  • google-api-client-1.16.0-rc.jar



我的代码是

  / * 
 * JSON工厂的全局实例。 
 * / 
 final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance(); 
 / * 
 HTTP传输的全局实例。 
 * / 
 HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport(); 
 
集合< String> scopeList = new ArrayList<>(); 
 scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_USER); 
 scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_GROUP); 
 scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER); 
 
 GoogleCredential凭证=新的GoogleCredential.Builder()
 .setTransport(httpTransport)
 .setJsonFactory(JSON_FACTORY)
 .setServiceAccountId(nnnnnn@developer.gserviceaccount.com )
 .setServiceAccountScopes(scopeList)
 .setServiceAccountPrivateKeyFromP12File(new File(/ Path / To / KeyFile / nnnnn-privatekey.p12))
 // .setServiceAccountUser(admin @ mydomain .org)
 .build(); 
 
 Directory admin = new Directory.Builder(httpTransport,JSON_FACTORY,凭证)
 .setApplicationName(Test)
 .setHttpRequestInitializer(凭证).build(); 
 
 
用户users = admin.users()。list()。setDomain(mydomain.org)。execute();

我收到最后一行
< 

  {
code:403,
错误:[{
domain:global,
message:Not Authorized to access this resource / api,
reason:forbidden
}],
message:未授权访问此资源/ api
} 
,位于com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException。 java:145)
,位于com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
位于com.google.api.client.googleapis.services。 json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
,位于com.google.api.client.googleapis.services.AbstractGoogleClientRequest $ 1.interceptResponse(AbstractGoogleClientRequest.java:312)
,位于com.google.api .client.http。 HttpRequest.execute(HttpRequest.java:1045)
,com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
,位于com.google.api.client。 googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
,位于com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
  .setServiceAccountUser(admin@mydomain.org)),那么我得到一个不同的错误
 线程maincom.google.api.client.auth.oauth2中的异常。 TokenResponseException:400错误请求
 {
错误:access_denied
} 
,位于com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java :105)
 at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
 at com。 google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
,位于com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
 at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
 at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java :217)
,位于com.google.api.client.http.HttpRequest.execute(HttpRequest.java:858)
位于com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest .java:410)
,位于com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
位于com.google.api.client.googleapis.services.AbstractGoogleClientRequest .execute(AbstractGoogleClientRequest.java:460)
  
我的帐户(admin@mydomain.org)是一个<强>超级管理员。我怀疑需要为用户API范围授予服务帐户访问权限。但我无法找到我可以授予此权限的位置。我有我的Google CPanel的经典用户界面模式。我没有在高级工具中的管理客户端API访问权限页面。 
 
 
  
 
 
 
另外我不确定我应该在 .setApplicationName( 测试)
 
 
 
感谢您的帮助 
 
解决方案
您可以转到管理控制台中的安全设置(admin.google.com/AdminHome?chromeless=1&pli=1#SecuritySettings :);然后点击高级设置>管理第三方OAuth客户端访问。之后,将您的客户端ID(在oath2的API访问下从appconsole code.google.com/apis/console生成)和一个或多个API范围映射。在那里使用逗号分隔的范围。对于google目录,您可以使用 https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user  
 
 
 
希望它可以工作:)
 
I need to read the list of users (and groups) from my google domain.



So I went to my Google APIs Console and enabled Admin SDK and created a Service Account to call Google APIs. I use the following google libraries



    

  • google-api-services-admin-directory_v1-rev11-1.16.0-rc.jar
    • 

  • google-api-client-1.16.0-rc.jar
    • 




My code is
     /*
     * Global instance of the JSON factory.
     */
    final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
     /*
      Global instance of the HTTP transport.
     */
        HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();

        Collection<String> scopeList = new ArrayList<>();
        scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_USER);
        scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_GROUP);
        scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER);

        GoogleCredential credential = new GoogleCredential.Builder()
                .setTransport(httpTransport)
                .setJsonFactory(JSON_FACTORY)
                .setServiceAccountId("nnnnnn@developer.gserviceaccount.com")
                .setServiceAccountScopes(scopeList)
                .setServiceAccountPrivateKeyFromP12File(new File("/Path/To/KeyFile/nnnnn-privatekey.p12"))
//                .setServiceAccountUser("admin@mydomain.org")
                .build();

        Directory admin = new Directory.Builder(httpTransport, JSON_FACTORY, credential)
                .setApplicationName("Test")
                .setHttpRequestInitializer(credential).build();


        Users users = admin.users().list().setDomain("mydomain.org").execute();

And I receive this on the last line



Error
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Not Authorized to access this resource/api",
    "reason" : "forbidden"
  } ],
  "message" : "Not Authorized to access this resource/api"
}
    at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:145)
    at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
    at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:312)
    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1045)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)

If I uncomment the commented line (.setServiceAccountUser("admin@mydomain.org")) then I get a different error
    Exception in thread "main" com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "access_denied"
}
    at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
    at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
    at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
    at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
    at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
    at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:858)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
    at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)

My account (admin@mydomain.org) is a super administrator. I suspect the Service Account needs to be granted access for the users API scope. But I can not find where I can grant this access. I have a classic UI mode of my Google CPanel. And I don't have "Manage client API access" page in the Advanced tools.






Also I'm not sure what I should use as an Application Name at .setApplicationName("Test").



Thanks for any help
 解决方案 
you can go to "security" settings in the admin console (admin.google.com/AdminHome?chromeless=1&pli=1#SecuritySettings:); then click on advance settings > Manage third party OAuth Client access. After this map your client id(generated from appconsole code.google.com/apis/console under API access for oath2) and "One or More API Scopes". Use comma separated scopes as mentioned there. For google directory you can use https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user



Hope after this it works :)


                        
这篇关于当调用users().list()。execute()时,Google Directory API返回Not Authorized的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆