
Authorization Error 403: access denied in Android Management API w/o using Google Cloud Project Account Credentials

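When I log in using the Google Cloud Project Account Credentials, everything works (create a new enterprise, apply a policy, view enrolled devices, ...). I can do that easily, but when I try to log in as one of the enterprises that were created using the Google_Cloud_Project_Account, I can't perform any of the operations mentioned above because I get a "403 access denied" error.

For example: we have a Google Cloud project account named xyz@gmail.com, and we created two enterprises, abc@gmail.com and pqr@gmail.com.

But when we try to apply a policy in either enterprise (abc@gmail.com or pqr@gmail.com), we get an error like the following: Error 403: access_denied. The developer hasn't given you access to this app. It's currently being tested and it hasn't been verified by Google. If you think you should have access, contact the developer (xyz@gmail.com).

So I can perform any operation using xyz@gmail.com, but I can't perform any operation using the child enterprises of xyz@gmail.com (abc@gmail.com or pqr@gmail.com).

I have shared my code for clarity. Please let me know where I need to make changes or what I need to do.

Enterprise POST method: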

    [GoogleScopedAuthorize(AndroidManagementService.ScopeConstants.Androidmanagement)]
    [HttpPost]
    public async Task<IActionResult> CreateEnterprise([FromServices] IGoogleAuthProvider auth)
    {
        try
        {
            EnterpriseDto enterpriseModel = new();

            #region OAuthFlow
            // Check if the required scopes have been granted.
            if (await auth.RequireScopesAsync(AndroidManagementService.ScopeConstants.Androidmanagement) is IActionResult authResult)
            {
                return authResult;
            }
            //The required scopes have now been granted.
            GoogleCredential cred = await auth.GetCredentialAsync();
            var service = new AndroidManagementService(new BaseClientService.Initializer
            {
                HttpClientInitializer = cred.CreateScoped(AndroidManagementService.Scope.Androidmanagement),
                ApplicationName = "BluProductsApp"
            });

            //Fetch client information from GCP
            dynamic name = "";
            dynamic email = "";
            if (User.Identity is ClaimsIdentity claimsIdentity)
            {
                var listk = claimsIdentity.Claims.Select(x => new { x.Type, x.Value }).ToList();
                name = listk[3].Value;
                email = User.FindFirstValue(ClaimTypes.Email);
            }
            //var enterpriseRes = _iEmmMapper.GetEnterprises().Where(x=> x.ClientEmail == email);
            //if(enterpriseRes!= null)
            //{
            //    TempData["MsgSignupFailed"] = "There is already an Enterprise exist. Please try with a different mail to add a new Enterprise.";
            //    return View(enterpriseModel);
            //}
            #endregion

            dynamic response = "";
            string enterpriseToken = Convert.ToString(TempData["EnterpriseToken"]) ?? null;
            if (string.IsNullOrEmpty(enterpriseToken))
            {
                //create signup url
                var signupData = service.SignupUrls.Create();
                signupData.AccessToken = cred.UnderlyingCredential.GetAccessTokenForRequestAsync().Result;
                signupData.ProjectId = ProjectId;
                signupData.CallbackUrl = _iConfiguration.GetValue<string>("AppSetting:CallBackURL");
                response = signupData.Execute();

                //assign signup data to vmodel
                enterpriseModel.SignupUrlName = response.Name;
                enterpriseModel.SignupUrlURL = response.Url;

                //store signupurl name in session
                HttpContext.Session.SetString("SignupUrlName", Convert.ToString(enterpriseModel.SignupUrlName));

                //assign client info to model
                enterpriseModel.ClientName = name;
                enterpriseModel.ClientEmail = email;

                //insert data into database
                var result = _iEmmMapper.CreateUpdateEnterprise(enterpriseModel);
            }
            else
            {
                //create enterprise
                var enterpriseData = service.Enterprises.Create(new Enterprise());
                enterpriseData.AccessToken = cred.UnderlyingCredential.GetAccessTokenForRequestAsync().Result;
                enterpriseData.ProjectId = ProjectId;
                enterpriseData.SignupUrlName = HttpContext.Session.GetString("SignupUrlName");
                enterpriseData.EnterpriseToken = Convert.ToString(TempData["EnterpriseToken"]) ?? null;
                var enterpriseResponse = enterpriseData.Execute();
                enterpriseModel.Name = enterpriseResponse.Name;
                enterpriseModel.EnterpriseToken = enterpriseData.EnterpriseToken;

                //assign client info to vmodel
                enterpriseModel.ClientName = name;
                enterpriseModel.ClientEmail = email;

                //fetch enterprise from db
                var resultEnterprise = _iEmmMapper.GetEnterprises();
                if (resultEnterprise != null)
                {
                    foreach (var enterprise in resultEnterprise)
                    {
                        //create default policies for [fixed enterprise]
                        string policyName = enterpriseModel.Name + "/policies/" + PolicyId;

                        //set a default policy with all latest changes
                        var appliedPolicyData = service.Enterprises.Policies.Patch(DefaultPolicies(commonPolicies), policyName).Execute();
                        enterpriseModel.PolicyName = policyName;

                        //create User
                        var user = new User
                        {
                            AccountIdentifier = Guid.NewGuid().ToString()
                        };

                        //create enrollmentToken with a with policy name & assign created user
                        EnrollmentToken token = new DemoEnrollmentToken().SetPolicyName(PolicyId).SetUser(user.AccountIdentifier).SetDuration("2592000s");
                        var tokenResponse = service.Enterprises.EnrollmentTokens.Create(token, enterpriseModel.Name).Execute();
                        var eToken = tokenResponse.Value;
                        enterpriseModel.EnrollmentToken = eToken;
                    }
                }

                //insert/update data into database
                var result = _iEmmMapper.CreateUpdateEnterprise(enterpriseModel);
            }
            return View(enterpriseModel);
        }
        catch (Google.GoogleApiException gex)
        {
            string msgErr = "Error in " + this.GetType().ToString();
            _loggerManager.LogError($"{msgErr}{gex.Message}");
            TempData["Failure"] = "There is some technical issue. Please try again.";
            return View(new EnterpriseDto());
        }
        catch (Exception ex)
        {
            string msgErr = "Error in " + this.GetType().ToString();
            _loggerManager.LogError($"{msgErr}{ex.Message}");
            return View(new EnterpriseDto());
        }
    }

Enterprise GET method:

    [HttpGet]
    public IActionResult CreateEnterprise(EnterpriseDto enterpriseDto, string enterpriseToken)
    {
        try
        {
            TempData["EnterpriseToken"] = string.Empty;
            if (!string.IsNullOrEmpty(enterpriseToken))
            {
                TempData["EnterpriseToken"] = Convert.ToString(HttpContext.Request.Query["enterpriseToken"]);
                TempData["MsgEnterpriseToken"] = "Google Play signup successful.";
            }
            //
            var result = _iEmmMapper.GetEnterprises();
            if (result != null)
            {
                foreach (var enterprise in result)
                {
                    enterpriseDto.Name = enterprise.Name;
                    enterpriseDto.EnrollmentToken = enterprise.EnrollmentToken;
                    enterpriseDto.EnrollmentTokenExpiryDate = enterprise.ModifiedDate.AddMonths(1).ToShortDateString();
                }
            }
            //
            return View(enterpriseDto);
        }
        catch (Exception ex)
        {
            _loggerManager.LogError($"Something went wrong inside CreateEnterprise get action: {ex.Message}");
            return View(enterpriseDto);
        }
    }

CreateEnterprise.cshtml page:

    <form id='fCreateEnterprise' asp-action="CreateEnterprise">
        <div asp-validation-summary="ModelOnly" class="text-danger"></div>
        @if (Model != null)
        {
            <div class="row" style="display:none;">
                <div class="col-md-6">
                    <label asp-for=@Model.SignupUrlName class="control-label mt-2"></label>
                    <input asp-for=@Model.SignupUrlName class="form-control" readonly="readonly" />
                </div>
                <div class="col-md-6">
                    <label asp-for=@Model.SignupUrlURL class="control-label mt-2"></label>
                    <input asp-for=@Model.SignupUrlURL class="form-control" readonly="readonly" />
                </div>
            </div>
        }
        <div class="col-md-4 mt-4 offset-4">
            <input type="submit" id="btnVerify" value="Verify" class="btn btn-success text-center" />
            @*<input type="button" id="btnVerification" value="Verification" class="btn btn-success text-center" />*@
            @if (Model.SignupUrlURL != null)
            {
                <a href="@Model.SignupUrlURL" target="_blank" class="btn btn-secondary text-center">Complete Signup</a>
            }
            else
            {
                <a href="#" target="_blank" class="btn btn-secondary text-center">Complete Signup</a>
            }
            <input type="submit" value="Create Enterprise" class="btn btn-primary text-center" />
        </div>
    </form>

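Enterprises created on the AM API can only be managed by the unique service account enrolled in your Cloud project through Cloud IAM. This is the recommended method of authentication for existing EMM partners. As you mentioned having multiple enterprises, please note that you can manage several enterprises using this authentication method.

Alternatively, you may also consider using customer-managed enterprises. The Quickstart guide is also available as a reference for enrolling an enterprise, creating a policy, and provisioning a device.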
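The service-account approach the answer describes, as an added example that is not code from the question or the answer: the backend calls the Android Management API with its own credential, and the application decides which signed-in user may manage which enterprise. It assumes Application Default Credentials resolve to the project's service account; `ownerByEnterprise` is a hypothetical stand-in for the application's own enterprise-to-client mapping.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using Google;
using Google.Apis.AndroidManagement.v1;
using Google.Apis.AndroidManagement.v1.Data;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;

public static class ServiceAccountEmm
{
    // Builds the client from Application Default Credentials, e.g. a service-account
    // key referenced by GOOGLE_APPLICATION_CREDENTIALS. No end-user OAuth consent is involved.
    public static async Task<AndroidManagementService> BuildServiceAsync()
    {
        GoogleCredential cred = (await GoogleCredential.GetApplicationDefaultAsync())
            .CreateScoped(AndroidManagementService.Scope.Androidmanagement);
        return new AndroidManagementService(new BaseClientService.Initializer
        {
            HttpClientInitializer = cred,
            ApplicationName = "BluProductsApp"
        });
    }

    // ownerByEnterprise (hypothetical) maps an enterprise resource name to the
    // client e-mail that the application allows to manage it.
    public static async Task<Policy> PatchPolicyAsync(
        AndroidManagementService service, string signedInEmail, string enterpriseName,
        string policyId, Policy policy, IReadOnlyDictionary<string, string> ownerByEnterprise)
    {
        // The service account can manage every enterprise in the project, so the
        // application itself must decide which signed-in user may touch which one.
        if (!ownerByEnterprise.TryGetValue(enterpriseName, out var owner) ||
            !string.Equals(owner, signedInEmail, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException($"{signedInEmail} may not manage {enterpriseName}");
        try
        {
            return await service.Enterprises.Policies
                .Patch(policy, $"{enterpriseName}/policies/{policyId}").ExecuteAsync();
        }
        catch (GoogleApiException ex) when (ex.HttpStatusCode == HttpStatusCode.Forbidden)
        {
            // A 403 here is an IAM problem (the service account lacks access to the project
            // that owns the enterprise), not the consent-screen access_denied from the question.
            throw new InvalidOperationException("Service account is not authorized for " + enterpriseName, ex);
        }
    }
}
```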
