[英]Using Google API Python client with SignedJwtAssertionCredentials
I am trying to get a list of users from Google using google_api_python_client-1.4.0. 我正在尝试使用google_api_python_client-1.4.0从Google获取用户列表。 I getting the access_denied error even through I have domain wide delegation authority.
即使我具有域范围的委托权限,也遇到了access_denied错误。
Interesting thing is that.. when I use the same certificate/credentials with .net client library, it works. 有趣的是,当.net客户端库使用相同的证书/凭证时,它可以工作。
The error I am getting is File "/Library/Python/2.7/site-packages/oauth2client-1.4.6-py2.7.egg/oauth2client/client.py", line 807, in _do_refresh_request oauth2client.client.AccessTokenRefreshError: access_denied: Requested client not authorized. 我得到的错误是文件“ /Library/Python/2.7/site-packages/oauth2client-1.4.6-py2.7.egg/oauth2client/client.py”,行807,在_do_refresh_request oauth2client.client.AccessTokenRefreshError中:access_denied :请求的客户未获得授权。
# Load the key in PKCS 12 format that you downloaded from the Google API
# Console when you created your Service account.
f = file('Gkeys/87ty8g87-privatekey.p12', 'rb')
key = f.read()
f.close()
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with the Credentials. Note that the first parameter, service_account_name,
# is the Email address created for the Service account. It must be the email
# address associated with the key that was created.
credentials = SignedJwtAssertionCredentials(
'889h98h98h98h98h9lurk@developer.gserviceaccount.com',
key,
scope=['https://www.googleapis.com/auth/admin.directory.group.readonly','https://www.googleapis.com/auth/admin.directory.user.readonly'],
private_key_password='notasecret',
sub='admin.user@domain.com'
)
http = httplib2.Http()
http = credentials.authorize(http)
directory_service = build('admin', 'directory_v1', http=http)
all_users = []
page_token = None
params = {'groupKey': 'groupname@domain.com'}
while True:
try:
if page_token:
params['pageToken'] = page_token
#current_page = directory_service.users().list(**params).execute()
#current_page = directory_service.members().list(**params).execute()
current_page = directory_service.members().list(groupKey='groupname@domain.com').execute()
all_users.extend(current_page['users'])
page_token = current_page.get('nextPageToken')
if not page_token:
break
except errors.HttpError as error:
print 'An error occurred: %s' % error
break
for user in all_users:
print user['primaryEmail']
Are you sure the scopes you authorized in the control panel exactly match those you're requesting here? 您确定在控制面板中授权的范围与您在此处要求的范围完全匹配吗? If you authorized the read/write scope and are using the readonly scope here I believe that would cause your error.
如果您授权了读/写作用域并且在这里使用了只读作用域,我相信这会导致您的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.