[英]Error 403: Error sending test message to Cloud PubSub: User not authorized to perform this action
I want to set up a push notification watch but I receive an error response.我想设置推送通知手表,但收到错误响应。 What authorization I need?我需要什么授权?
Request:请求:
// Google API
$client = getClient();
// POST request
$ch = curl_init('https://www.googleapis.com/gmail/v1/users/me/watch');
curl_setopt_array($ch, array(
CURLOPT_POST => TRUE,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_HTTPHEADER => array(
'Authorization: Bearer ' . $client->getAccessToken()['access_token'],
'Content-Type: application/json'
),
CURLOPT_POSTFIELDS => json_encode(array(
'topicName' => 'projects/xxxx/topics/xxxx',
'labelIds' => ["INBOX"]
))
));
Response:回应:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
],
"code": 403,
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
}
More details:更多详情:
GMAIL_READONLY
.使用的范围是GMAIL_READONLY
。From the page: https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic从页面: https : //developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic
Cloud Pub/Sub requires that you grant Gmail privileges to publish notifications to your topic. Cloud Pub/Sub 要求您授予 Gmail 权限以向您的主题发布通知。
To do this, you need to grant publish privileges to serviceAccount:gmail-api-push@system.gserviceaccount.com.为此,您需要向 serviceAccount:gmail-api-push@system.gserviceaccount.com 授予发布权限。 You can do this using the Cloud Pub/Sub Developer Console permissions interface following the resource-level access control instructions.您可以按照资源级访问控制说明使用 Cloud Pub/Sub 开发者控制台权限界面执行此操作。
(emphasis added) (强调)
You have to grant permission to topics.您必须授予主题权限。 Go to your topics list Or click on the below link https://console.cloud.google.com/cloudpubsub/topic .转到您的主题列表或单击以下链接https://console.cloud.google.com/cloudpubsub/topic 。
Then click on your topic然后点击你的主题
Then in right side permission tab, click on the ADD MEMBER button然后在右侧的权限选项卡中,单击添加成员按钮
Then enter the new member email or If your App have multiple user then you can enter allUsers .然后输入新成员电子邮件或如果您的应用程序有多个用户,则您可以输入allUsers 。 Then Select the role Pub/Sub Publisher and click on the Save button.然后选择角色Pub/Sub Publisher并单击Save按钮。
Note: This will make your topic public.注意:这将使您的主题公开。
dont add allAuthenticatedUsers
or allUsers
, that will make your topic public.不要添加allAuthenticatedUsers
或allUsers
,这将使您的主题公开。 You might have seen this warning您可能已经看到此警告
This resource is public and can be accessed by anyone on the internet.该资源是公开的,互联网上的任何人都可以访问。 To remove public access, remove "allUsers" and "allAuthenticatedUsers" from the resource's members.要删除公共访问,请从资源的成员中删除“allUsers”和“allAuthenticatedUsers”。
Instead add gmail-api-push@system.gserviceaccount.com
.而是添加gmail-api-push@system.gserviceaccount.com
。 this will work.这会起作用。 Reference : https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic参考: https : //developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.