php – Google_Service_Directory – (403)未授权访问此资源/ api

我只是使用 PHP api的实际版本的示例,并使用examples文件夹的“service-account.PHP”文件.

原始版本用于显示“Books API”,并且使用我的个人凭据配置它运行良好,但在我的xcase中,我需要通过directory.groups.get服务访问以获取Google群组邮件列表的成员帐户列表,所以我改变了原来的代码：

<?PHP

session_start();
include_once "templates/base.PHP";

/************************************************
  Make an API request authenticated with a service
  account.
 ************************************************/
require_once realpath(dirname(__FILE__) . '/../autoload.PHP');

/************************************************
 ************************************************/

// MY ACCOUNT DATA HERE
$client_id = 'xxx';
$service_account_name = 'xxx'; //Email Address 
$key_file_location = 'xxx.p12'; //key.p12
$groupKey = 'xxx';

echo pageHeader("My Service Account Access");
if ($client_id == '<YOUR_CLIENT_ID>'
    || !strlen($service_account_name)
    || !strlen($key_file_location)) {
  echo missingServiceAccountDetailsWarning();
}

$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
//$service = new Google_Service_Books($client); //ORIGINAL
$service = new Google_Service_Directory($client);

/************************************************
 ************************************************/
if (isset($_SESSION['service_token'])) {
  $client->setAccessToken($_SESSION['service_token']);
}
$authArray = array(
                'https://www.googleapis.com/auth/admin.directory.group','https://www.googleapis.com/auth/admin.directory.group.readonly','https://www.googleapis.com/auth/admin.directory.group.member','https://www.googleapis.com/auth/admin.directory.group.member.readonly'
);
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,$authArray,//array('https://www.googleapis.com/auth/books'),//ORIGINAL
    $key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
  $client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();


/************************************************
 ************************************************/
//$optParams = array('filter' => 'free-ebooks'); //ORIGINAL
$optParams = array('fields' => 'id');
//$results = $service->volumes->listVolumes('Henry David Thoreau',$optParams); //ORIGINAL
$results = $service->groups->get($groupKey,$optParams);
echo "<h3>Results Of Call:</h3>";
foreach ($results as $item) {
  //echo $item['volumeInfo']['title'],"<br /> \n"; //ORIGINAL
    echo "<pre>".print_r ($item,true)."</pre>";
}

echo pageFooter(__FILE__);

无论我做什么,提供API SDK的授权,并使用刚刚在控制台开发人员的API Credentials面板中创建的文件和凭据,我收到alwais 403 错误.

这是错误堆栈：

#0 /var/www/html/google_local/google-api-PHP-client-master/src/Google/Http/REST.PHP(41): 
Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request)) 
#1 /var/www/html/google_local/google-api-PHP-client-master/src/Google/Client.PHP(546): 
Google_Http_REST::execute(Object(Google_Client),Object(Google_Http_Request)) 
#2 /var/www/html/google_local/google-api-PHP-client-master/src/Google/Service/Resource.PHP(190): 
Google_Client->execute(Object(Google_Http_Request)) 
#3 /var/www/html/google_local/google-api-PHP-client-master/src/Google/Service/Directory.PHP(1494): 
Google_Service_Resource->call('get',Array,'Google_Service_...') 
#4 /var/www/html/google_local/googl in /var/www/html/google_local/google-api-PHP-client-master/src/Google/Http/REST.PHP on line 76

有什么建议？

谢谢,
罗伯托

问题的根源是服务帐户不是域的管理员,因此无法访问Admin SDK Directory API.相反,您需要为您的服务帐户启用 domain-wide delegation,然后让服务帐户在发出请求时模拟域管理员：

$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,$key
);
$cred->sub = "admin@yourdomain.com";

原文链接：https://www.f2er.com/php/134818.html

php – Google_Service_Directory – (403)未授权访问此资源/ api

猜你在找的PHP相关文章