Google AppEngine + PHP + Google Cloud数据存储：接收未经授权

Question

I have a PHP application running at Google App Engine and I want to use the App Engine's datastore in it.

I am using the google-api-php-client, and at the Google Cloud Console I've enabled the Google Cloud Datastore API, and registered a new app, downloading the private certificate.

For the authentication, I'm using the following code ( xxxx has the real values):

const SERVICE_ACCOUNT_NAME = 'xxxx@developer.gserviceaccount.com';
const KEY_FILE = 'secure/privatekey.p12';

$client = new Google_Client();
$key = file_get_contents ( KEY_FILE );

$client->setAssertionCredentials (
    new Google_AssertionCredentials ( 
        SERVICE_ACCOUNT_NAME, 
        array (
            'https://www.googleapis.com/auth/userinfo.email',
            'https://www.googleapis.com/auth/datastore' 
        ), 
        $key 
    ) 
);

$service = new Google_DatastoreService ( $client );
$datasets = $service->datasets;

Whichever operation I use in $datasets , like $datasets->lookup , I receive an exception stating that the operation is Unauthorized:

Uncaught exception 'Google_ServiceException' with message 'Error calling POST https://www.googleapis.com/datastore/v1beta1/datasets/<my-appengine-id>/lookup: (403) Unauthorized.'

What might be wrong?

Answer 1

I believe you are hitting the following limitation: service account authorization doesn't work with domain-restricted App Engine application .

So you can either comment on the issue to get your application whitelisted, keep in mind that it can allow account outside of your domain to auth with your application using OAuth depending on how your application is built.