我刚开始使用Google API,但我有一个项目要求我访问他们的域名,以通过电子邮件找到用户的经理.在我开始编写代码之前,我想设置所有内容,所以我遵循了
example file for PHP.我能够得到它的工作,但有一些问题刷新令牌一旦过期,研究推动我使用
Service Account,因为这是一个服务器cron脚本,我不想处理任何用户交互.
我创建了服务帐户,启用G Suite全域委托,并添加了以下访问权限:https://www.googleapis.com/auth/admin.directory.user.readonly
我的脚本出现了Google_Service_Exception.
答复是:
{ "error": { "errors": [ { "domain": "global","reason": "notFound","message": "Domain not found." } ],"code": 404,"message": "Domain not found." } }
我假设这意味着它不知道帐户域,但我看不到我如何解决这个问题.我假设如果这是一个权限问题,Google会告诉我.我试图在网上搜索,但没有运气,因为我发现使用不同的方法的问题,修复不是可以在服务帐户上完成.我现在卡住了,所以我希望推进正确的方向会让我走上正轨.
这是我使用的测试脚本:
<?PHP require_once( __DIR__. '/vendor/autoload.PHP' ); define('CREDENTIALS_PATH','/path/to/service_account.json'); define('SCOPES',implode(' ',array( Google_Service_Directory::ADMIN_DIRECTORY_USER_READONLY) )); date_default_timezone_set('America/New_York'); /** * Returns an authorized API client. * @return Google_Client the authorized client object */ function getClient() { $client = new Google_Client(); $client->setApplicationName('TestingApp'); $client->setAuthConfig(CREDENTIALS_PATH); $client->setScopes(SCOPES); return $client; } // Get the API client and construct the service object. $client = getClient(); $service = new Google_Service_Directory($client); // Print the first 10 users in the domain. $optParams = array( 'customer' => 'my_customer','maxResults' => 10,'orderBy' => 'email',); $results = $service->users->listUsers($optParams); if (count($results->getUsers()) == 0) { print "No users found.\n"; } else { print "Users:\n"; foreach ($results->getUsers() as $user) { printf("%s (%s)\n",$user->getPrimaryEmail(),$user->getName()->getFullName()); } }
我的service_account.json包含(清理明确)
{ "type": "service_account","project_id": "PROJECT_ID","private_key_id": "PRIVATE_KEY_ID","private_key": "PRIVATE_KEY","client_email": "SERVICE_ACCOUNT_EMAIL.iam.gserviceaccount.com","client_id": "CLIENT_ID","auth_uri": "https://accounts.google.com/o/oauth2/auth","token_uri": "https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url": "https://www.googleapis.com/robot/v1/Metadata/x509/SERVICE_ACCOUNT_IDENTIFIER.iam.gserviceaccount.com" }
感谢任何协助.
好的,这是一个很容易忽视的一步,但这是一个非常简单的修复.
这里的问题是该帐户的域名未被识别.我的印象是,服务帐户已经附加到域,但事实并非如此.所以修复只是添加到客户端的一行代码,将其设置为域中的用户(对于我的情况).
我的补充是补充:
$client->setSubject('account@domain.com');
到我的getClient方法.
所以现在的方法看起来像:
/** * Returns an authorized API client. * @return Google_Client the authorized client object */ function getClient() { $client = new Google_Client(); $client->setApplicationName('TestingApp'); $client->setAuthConfig(CREDENTIALS_PATH); $client->setScopes(SCOPES); $client->setSubject('account@domain.com'); return $client; }
我看到这个提到in the API,但它声明它是可选的.希望这也会帮助别人.