Google Directory API 403请求所有帐户用户时权限错误不足 [英] Google Directory API 403 Insufficient Permission errors when requesting all account users

问题描述

我尝试使用java Directory API按照 Google文档，但是我始终得到403许可错误。

使用Java SDK我的代码如下所示，403执行失败：

  Directory directory = new Directory.Builder（TRANSPORT，JSON_FACTORY，getCredential （））setApplicationName（PRODUCT_FULL_NAME）.build（）; 
 
 Directory.Users.List list = directory.users（）。list（）; 
 list.setCustomer（my_customer）; 
 com.google.api.services.admin.directory.model.Users users = list.execute（）; 
  

在我的App Engine API控制台中，我打开了Admin SDK并设置了权限来请求以下授权范围（以控制台和编程方式）。

https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.user.readonly

我没有使用服务帐户，但授权为超级管理员。通过管理控制台，我启用了API访问权限。

使用试试表单功能。但是，即使我调整我的代码来执行HTTP获取而不是使用Java Directory API，我仍然会收到403错误。

我正在用这个。有谁知道我可能做错了什么？任何指针都会非常感谢。

解决方案

b $ b

我一直在扩展一个应用程序来提供这个新功能和测试用户，我以前登录过。我正在使用应用程序引擎将凭据保留在应用程序引擎凭证存储中。在方法授权方面，我们使用了旧的缓存凭证，而不是刚刚通过身份验证的凭证。

刷新应用程序引擎memcache并从凭证存储中删除凭证可解决问题。 / p>

I am trying to use the java Directory API to return a list of all the users in an account following the method outlined in the Google Documentation, however I consistently get 403 permission errors.

Using the Java SDK my code looks like this, which 403 fails on the execute:

Directory directory = new Directory.Builder(TRANSPORT, JSON_FACTORY, getCredential()).setApplicationName(PRODUCT_FULL_NAME).build();

Directory.Users.List list = directory.users().list();
list.setCustomer("my_customer");
com.google.api.services.admin.directory.model.Users users = list.execute();

In my App Engine API console I have turned the Admin SDK on and I have permissions set to request the following scopes on authorization (in the console and programatically).

https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.user.readonly

I am not using a service account, but authorizing as a "super admin". Through the Admin Console I have enabled API access.

Getting a list using the "try it" form feature provided by Google works. However even if I adapt my code to do a HTTP get rather than using the java Directory API I still get 403 errors.

I am going around and around the houses with this. Does anyone know what I may be doing wrong? Any pointers would be really appreciated.

解决方案

Argh I have fallen foul of credential caching!

I had been extending an app to provide this new functionality and testing with a user I had previously logged in as. I was using app engine to persist credentials in the app engine credential store. On method authorization the old cached credentials we being used rather than the freshly authenticated ones.

Flushing the app engine memcache and deleting the credentials from the credential store resolved the issue.

这篇关于Google Directory API 403请求所有帐户用户时权限错误不足的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！