堆栈内存溢出
  简体   繁体   English

尝试使用Google Directory API和服务帐户身份验证时收到错误“未授权访问此资源/ api”

[英]Received error “Not Authorized to access this resource/api” when trying to use Google Directory API and Service Account Authentication

 原文  2013-09-09 20:17:40       python/ google-apps/ google-admin-sdk

问题描述

I'm really struggling with trying to use Service Account authentication to use the Google Directory API (Admin SDK). 我真的很难尝试使用服务帐户身份验证来使用Google Directory API(Admin SDK)。

Using client based three legged OAuth this works (tested here - https://developers.google.com/admin-sdk/directory/v1/reference/members/insert ) but there's a problem with the permission delegation to the service account I am using. 使用基于客户端的三脚架OAuth可以正常运行(在此处测试 - https://developers.google.com/admin-sdk/directory/v1/reference/members/insert )但是我对服务帐户的权限委派存在问题使用。 Under the Google Apps administration, I enabled using APIs and added the service account to the list of allowed OAuth clients as instructed. 在Google Apps管理下,我启用了API,并按照说明将服务帐户添加到允许的OAuth客户端列表中。

Here is the code: 这是代码: 

import httplib2
import sys

from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials

credentials = SignedJwtAssertionCredentials(
    '<KEY>@developer.gserviceaccount.com',
    '<KEY DATA>',
    scope='https://www.googleapis.com/auth/apps.groups.settings https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.group.member'
)
http = httplib2.Http()
http = credentials.authorize(http)

service = build("admin", "directory_v1", http=http)
groups = service.groups()
g = groups.get(groupKey="<GROUP NAME>").execute()

Eventually, I get the following error: 最终,我收到以下错误: 

apiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/admin/directory/v1/groups/<GROUP NAME>?alt=json returned "Not Authorized to access this resource/api">

I tried using the following API as well: 我也尝试使用以下API: 

service = build("groupssettings", "v1", http=http)

But this returns an error as well - "Backend Error". 但这也会返回错误 - “后端错误”。

1 个解决方案

解决方案1
 17 已采纳  2013-09-09 20:54:28

Even though you're using a Service Account you still need to act on behalf of a Google Apps user in the instance that has the proper admin permissions. 即使您使用的是服务帐户,您仍需要代表具有适当管理权限的实例中的Google Apps用户。 Try doing: 尝试做: 

credentials = SignedJwtAssertionCredentials(
  '<KEY>@developer.gserviceaccount.com',
  '<KEY DATA>',
  scope='https://www.googleapis.com/auth/apps.groups.settings https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.group.member',
  sub='super-admin@yourdomain.com'
)

where super-admin@yourdomain.com is a super administrator in your Google Apps account. super-admin@yourdomain.com是您的Google Apps帐户中的超级管理员。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 尝试使用 Google Directory API 和 OAuth2.0 时收到错误“未授权访问此资源/api” - Received error “Not Authorized to access this resource/api” when trying to use Google Directory API and OAuth2.0 403错误“未授权访问此资源/ api”甚至是管理员,Web应用程序中的Google Admin SDK - 403 error “Not Authorized to access this resource/api” Google Admin SDK in web app even being admin 尝试使用 Google 时出错 Gmail API - Error when trying to use Google Gmail API Google API服务帐户 - Google API Service Account 尽管 Google 帐户是所有者,但来自 Google 身份验证 web api 的“错误 403:access_denied” - “Error 403: access_denied” from Google authentication web api despite google account being owner 我是否需要Google Directory API的服务帐户? - Do I need a service account for Google Directory API? 使用 Google Directory API 创建新的 Google 帐户时出错 - Error on creating a new google account using Google Directory API 使用服务帐户从谷歌日历 API 将共享日历插入我的列表时,访问角色出现问题 - Trouble with access role when inserting shared calendar to my list from google calendar API using service account Google Calendar API - 通过服务帐户访问自己的日历 - Google Calendar API - Access own calendar via Service account Google Analytics Embed API服务帐户访问令牌 - Google Analytics Embed API Service Account Access Token
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM