[英]Cannot Authorize my Service Account to use the Domain Shared contacts API
I'm trying to impersonate a super admin account to use the shared contacts API to create new contacts in a directory, after using the gdata client library I couldn't authorize my request even tho I used the same method I used to authorize another API call but for the Directory API instead of the Domain Shared Contacts.我正在尝试冒充超级管理员帐户以使用共享联系人 API 在目录中创建新联系人,使用 gdata 客户端库后,即使我使用与授权另一个 API 相同的方法,我也无法授权我的请求调用目录 API 而不是域共享联系人。
Here is my code:这是我的代码:
from googleapiclient.discovery import build
from oauth2client.service_account import ServiceAccountCredentials
import gdata.contacts
import gdata.contacts.data
import gdata.contacts.client
import atom
class TestView(APIView):
SERVICE_ACCOUNT_EMAIL = (
"x-serviceaccount@x.iam.gserviceaccount.com"
)
SERVICE_ACCOUNT_PKCS12_FILE_PATH = "C:\\Users\\Hoda\\Desktop\\xtools\\x\\Backend\\x-x.p12"
def get(self, request, *args, **kwargs):
credentials = ServiceAccountCredentials.from_p12_keyfile(
self.SERVICE_ACCOUNT_EMAIL,
self.SERVICE_ACCOUNT_PKCS12_FILE_PATH,
"notasecret",
scopes=[
'https://www.googleapis.com/auth/admin.directory.user',
'https://www.googleapis.com/auth/admin.directory.user.security',
'https://www.googleapis.com/auth/admin.directory.group',
'https://www.google.com/m8/feeds/contacts/'
],
)
gd_client = gdata.contacts.client.ContactsClient()
credentials = credentials.create_delegated('admin@admin.com')
service = build('admin', 'something', credentials=credentials)
#while using the directory API I wrote directory_v1 instead of
#something and now I have no
#idea what to write and is that even the right way to authorize
#the service account here or not
new_contact = gdata.contacts.data.ContactEntry()
new_contact.name = gdata.data.Name(
given_name=gdata.data.GivenName(text="Mohamed"),
family_name=gdata.data.FamilyName(text="Safi"),
full_name=gdata.data.FullName(text="Mohamed Safi"),
)
new_contact.content = atom.data.Content(text="Notes")
new_contact.email.append(
gdata.data.Email(
address="liz@gmail.com",
primary="true",
rel=gdata.data.WORK_REL,
display_name="E. Bennet",
)
)
new_contact.email.append(
gdata.data.Email(address="liz@example.com", rel=gdata.data.HOME_REL)
)
new_contact.phone_number.append(
gdata.data.PhoneNumber(
text="(206)555-1212", rel=gdata.data.WORK_REL, primary="true"
)
)
new_contact.phone_number.append(
gdata.data.PhoneNumber(text="(206)555-1213", rel=gdata.data.HOME_REL)
)
new_contact.im.append(
gdata.data.Im(
text="liz@gmail.com",
primary="true",
rel=gdata.data.HOME_REL,
protocol=gdata.data.GOOGLE_TALK_PROTOCOL,
)
)
new_contact.structured_postal_address.append(
gdata.data.PostalAddress(
rel=gdata.data.WORK_REL,
primary="true",
street=gdata.data.Street(text="1600 Amphitheatre Pkwy"),
city=gdata.data.City(text="Mountain View"),
region=gdata.data.Region(text="CA"),
postcode=gdata.data.Postcode(text="94043"),
country=gdata.data.Country(text="United States"),)
)
contact_entry = gd_client.create_contact(new_contact)
print("Contact's ID: %s" % contact_entry.id.text)
return Response(contact_entry)
So, now I just want to know how to authorize that service account to write data into my directory所以,现在我只想知道如何授权该服务帐户将数据写入我的目录
side note: I have given the service account all the authorization needed in my admin console旁注:我已在我的管理控制台中为服务帐户提供了所有所需的授权
I found out that using the discovery build
function is not the right way to call the create_contact()
function which is associated with the domain shared contacts API.我发现使用发现build
function 不是调用与域共享联系人 API 关联的create_contact()
function 的正确方法。 What I found out is that I can authorize my service account using the gauth
module which lies inside the gdata
library, you can import
it as follows:我发现我可以使用gdata
库中的gauth
模块授权我的服务帐户,您可以按如下方式import
它:
import gdata.gauth
after that,在那之后,
OAuth2TokenFromCredentials
class which lies inside the gauth
module to provide a way for you to use OAuth 2.0 credentials obtained for use with google-api-python-client as credentials in gdata-python-client, you can use it as follows: auth2token = gdata.gauth.OAuth2TokenFromCredentials(credentials)
使用位于gauth
模块内的OAuth2TokenFromCredentials
class 为您提供一种使用 OAuth 2.0 凭证的方法,该凭证用于 google-api-python-client 作为 gdata-python-client 中的凭证,您可以按如下方式使用它: auth2token = gdata.gauth.OAuth2TokenFromCredentials(credentials)
credentials in the code above refer to the credentials you just created using your service account email and key file.上面代码中的凭据是指您刚刚使用服务帐户 email 和密钥文件创建的凭据。
gd_client = auth2token.authorize(gd_client)
授权您的 gdata 客户端gd_client = auth2token.authorize(gd_client)
then after that, congrats you can use your gdata client to make authorized requests with your service account impersonating any admin at any workspace.然后,恭喜您可以使用您的 gdata 客户端通过您的服务帐户在任何工作区模拟任何管理员来发出授权请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.