小贝子编程

谷歌API-使用服务目录



我在Google API控制台中有一个应用程序。它启用了Admin SDK,还启用了Marketplace SDK。我已经将其注册为服务帐户,并且我有密钥文件等。当我试图从某个域获取用户时,它总是向我显示一条消息——"调用get时出错https://www.googleapis.com/admin/directory/v1/users?domain=mydomain.com:(403)无权访问此资源/api"。我的代码是:

    $client = new Google_Client();
    $client->setApplicationName("Client_User_Feed");            
    $key = file_get_contents('/path/to/key/key-file-privatekey.p12');
    $cred = new Google_Auth_AssertionCredentials(
        '{code}@developer.gserviceaccount.com',
        array('https://www.googleapis.com/auth/admin.directory.user'),
        $key
    );
    $client->setAssertionCredentials($cred);
    $service = new Google_Service_Directory($client);           
    $users = $service->users->listUsers(array('domain' => 'mydomain.com'));

我该如何解决这个问题?

您需要用以下内容模拟管理员用户:

$adminUser = 'admin@domain.com'; $cred->sub = $adminUser;

获取用户ID的示例代码:

$client_id = '{code}.apps.googleusercontent.com';  //Client ID from Developers Console
$service_account_name = '{code}@developer.gserviceaccount.com'; //Email Address from Developers Console
$key_file_location = '{path}{file}.p12';    //Path to the P12 key downloaded from Developers Console
$impersonateUser = 'standarduser@domain.com';   //The user's account we are fetching information from   
    try {
    $client = new Google_Client();  //Instantiate the Google Client
    $client->setApplicationName("ApplicationName");
    $adminService = new Google_Service_Directory($client);
    $key = file_get_contents($key_file_location);
    $cred = new Google_Auth_AssertionCredentials(  //Instantiate the Auth class
        $service_account_name,
        array('https://www.googleapis.com/auth/admin.directory.user'),         //Set the scope
        $key
    );
    $adminUser = 'admin@domain.com';
    $cred->sub = $adminUser;  //The sub function of Auth lets us impersonate a user so that our service account ($client_id) can act on the user's behalf
    $client->setAssertionCredentials($cred);
    if ($client->getAuth()->isAccessTokenExpired()) {
        $client->getAuth()->refreshTokenWithAssertion($cred);
    }
    $getUser = getUserId($adminService, $impersonateUser);
    $impersonateUser = $getUser['primaryEmail'];
    if (isset($impersonateUser) && !empty($impersonateUser)) {
        $_SESSION['gmailUserID'] = $impersonateUser;
    }   
    //echo $_SESSION['gmailUserID'] . "<br />";
    } catch (Exception $e) {
        LogErr($e);
    }
function getUserId($adminService, $impersonateUser) {
    try {
    $userId = $adminService->users->get($impersonateUser);
    return $userId;
    } catch (Exception $e) {
    LogErr($e);
    }
}

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium