Python Google Admin SDK 403错误

Question

I am attempting to retrieve all the members of a group but am receiving an error.

Here is my code:

# -*- coding: utf-8 -*-

from __future__ import print_function
import httplib2
import os

from apiclient import discovery
import oauth2client
from oauth2client import client
from oauth2client import tools

try:
    import argparse
    flags = argparse.ArgumentParser(parents=[tools.argparser]).parse_args()
except ImportError:
    flags = None

# If modifying these scopes, delete your previously saved credentials
# at ~/.credentials/admin-directory_v1-python-quickstart.json
SCOPES = 'https://www.googleapis.com/auth/admin.directory.group.member.readonly'
CLIENT_SECRET_FILE = 'client_secret.json'
CRED_SAVE = 'cred_save.json'
APPLICATION_NAME = 'Directory API Python Quickstart'


def get_credentials():
    """Gets valid user credentials from storage.

    If nothing has been stored, or if the stored credentials are invalid,
    the OAuth2 flow is completed to obtain the new credentials.

    Returns:
        Credentials, the obtained credential.
    """
    home_dir = os.path.expanduser('~')
    credential_dir = os.path.join(home_dir, '.credentials')
    if not os.path.exists(credential_dir):
        os.makedirs(credential_dir)
    credential_path = os.path.join(credential_dir,
                                   CRED_SAVE)

    store = oauth2client.file.Storage(credential_path)
    credentials = store.get()
    if not credentials or credentials.invalid:
        flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
        flow.user_agent = APPLICATION_NAME
        if flags:
            credentials = tools.run_flow(flow, store, flags)
        else: # Needed only for compatibility with Python 2.6
            credentials = tools.run(flow, store)
        print('Storing credentials to ' + credential_path)
    return credentials

def get_remote_users(service, http, group="all.faculty@myorg.jp"):
    request = service.members().list(groupKey=group).execute()


def main():
    """Shows basic usage of the Google Admin SDK Directory API.

    Creates a Google Admin SDK API service object and outputs a list of first
    10 users in the domain.
    """

    credentials = get_credentials()
    http = credentials.authorize(httplib2.Http())
    service = discovery.build('admin', 'directory_v1', http=http)

    users = get_remote_users(service, http)

    if not users:
        print('No users in the domain.')
    else:
        print('Users:')
        for user in users:
            print('{0} ({1})'.format(user['primaryEmail'],
                user['name']['fullName']))


if __name__ == '__main__':
    main()

Here is the error:

Traceback (most recent call last):
  File "/Users/user/Documents/workspace/module/groups_members.py", line 84, in <module>
    main()
  File "/Users/user/Documents/workspace/module/groups_members.py", line 72, in main
    users = get_remote_users(service, http)
  File "/Users/user/Documents/workspace/module/groups_members.py", line 58, in get_remote_users
    request = service.members().list(groupKey=group).execute()
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/oauth2client/util.py", line 137, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/googleapiclient/http.py", line 832, in execute
    raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/admin/directory/v1/groups/all.faculty%40myorg.jp/members?alt=json returned "Insufficient Permission">

Any idea why I'm getting a 403 error? As far as I know I'm in the right scope and I have the correct json auth file stored. I can also do other things like list users with this code and not receive a 403 error.

Perhaps there's some extra authentication I need to do.

Any help would be much appreciated.

Cheers

Answer 1

I obviously can't read.

Solved this by deleting credentials from ~/.credentials/