小贝子编程

Google Admin API - 使用 JSON 的服务帐号 - 403 禁止错误



我正在尝试使用Java代码中的服务帐户和JSON密钥文件为用户进行谷歌管理员api调用。

  1. 服务帐号已启用全网域委派。
  2. 客户端 ID 已授权用于范围 - https://www.googleapis.com/auth/admin.directory.user

我仍然收到错误:

Unknown Exception : com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
PUT https://www.googleapis.com/admin/directory/v1/users/testUser@domain.com
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Not Authorized to access this resource/api",
"reason" : "forbidden"
} ],
"message" : "Not Authorized to access this resource/api"
}

我已经尝试了一段时间了..请在这里帮忙 这是代码 -

GoogleCredentials credentials;
try (FileInputStream serviceAccountStream = new FileInputStream(CREDENTIALS_FILE_PATH)) {
credentials = ServiceAccountCredentials.fromStream(serviceAccountStream);
}
List < String > scopes = new ArrayList < String > ();
scopes.add("https://www.googleapis.com/auth/admin.directory.user");
credentials = credentials.createScoped(scopes);
// Build a new authorized API client service.
//final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
/*Directory service = new Directory.Builder(HTTP_TRANSPORT, JSON_FACTORY, getCredentials(HTTP_TRANSPORT))
.setApplicationName(APPLICATION_NAME)
.build();*/
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(credentials);
/*Directory service = new Directory.Builder(HTTP_TRANSPORT, JSON_FACTORY, credentials)
.setApplicationName(APPLICATION_NAME)
.build();*/
Directory service = new Directory.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance(), requestInitializer).setApplicationName "APPLICATION_NAME").build();
User user = new User();
user.setSuspended(true);
user.setSuspensionReason("Worker on Leave");
Directory.Users.Update result = null;
result = service.users().update(workerEmailId, user);
user = result.execute();
if (user == null || user.size() == 0) {
System.out.println("No user updated.");
} else {
System.out.println("User:");
System.out.println(user.getName().getFullName());
System.out.println("User Status for Suspension :");
System.out.println(user.getSuspended());
}
}
  • 目录 API 只能由管理员使用
  • 服务帐户不是管理员

  • 如果服务帐户应代表管理员操作,则需要

    • 启用 G Suite 全网域授权(如您之前所做的那样(

    • 通过将用户设置为模拟来模拟服务帐户作为管理员

    • 在Java中,你需要构建一个GoogleCredential,指定ServiceAccountIdPrivateKeyServiceAccountUser

文档中的示例:

GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(emailAddress)
.setServiceAccountPrivateKeyFromP12File(new File("MyProject.p12"))
.setServiceAccountScopes(Collections.singleton(YOUR SCOPE))
.setServiceAccountUser("EMAIL OF THE ADMIN")
.build();

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium