1

早上好,我正在尝试将Google+ DomainsAPI 与我的公司域集成,但我遇到了一些问题。

我正在尝试 java 快速入门之后的 java 方法,但是在实现代码之后,来自谷歌服务器的响应是:

Authenticate the domain for hugo.catarino@outsystems.com
Inserting activity
10/Set/2013 17:08:49 com.google.api.client.googleapis.services.AbstractGoogleClient <init>
WARNING: Application name is not set. Call Builder#setApplicationName.
Exception in thread "main" com.google.api.client.auth.oauth2.TokenResponseException:400 Bad Request
{
   "error" : "access_denied"
}
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:858)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
at com.google.plus.samples.quickstart.domains.DomainDelegation.main(DomainDelegation.java:160)

这是使用的身份验证方法和我的变量:

private static final String SERVICE_ACCOUNT_EMAIL = "638852846577@developer.gserviceaccount.com";

private static final String SERVICE_ACCOUNT_PKCS12_FILE_PATH =
  "src/com/google/plus/samples/quickstart/domains/05cab8e819cbd0a747b180c1f22fc93dba916b7b-privatekey.p12";

private static final String USER_EMAIL = "hugo.catarino@outsystems.com";




private static Plus authenticate() throws GeneralSecurityException, IOException {

System.out.println(String.format("Authenticate the domain for %s", USER_EMAIL));

HttpTransport httpTransport = new NetHttpTransport();
JsonFactory jsonFactory = new JacksonFactory();

// Setting the sub field with USER_EMAIL allows you to make API calls using the special keyword
// 'me' in place of a user id for that user.
GoogleCredential credential = new GoogleCredential.Builder()
    .setTransport(httpTransport)
    .setJsonFactory(jsonFactory)
    .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
    .setServiceAccountScopes(SCOPE)
    .setServiceAccountUser(USER_EMAIL)
    .setServiceAccountPrivateKeyFromP12File(
        new java.io.File(SERVICE_ACCOUNT_PKCS12_FILE_PATH)).build();

// Create and return the Plus service object
Plus service = new Plus.Builder(httpTransport, jsonFactory, credential).build();

return service;
}

我的主类具有示例中的以下代码:

Plus service = authenticate();

String userId = "me";
String msg = "Happy Monday! #caseofthemondays";

System.out.println("Inserting activity");

// Create the audience of the post
PlusAclentryResource res = new PlusAclentryResource();
// Share to the domain
res.setType("domain");

List<PlusAclentryResource> aclEntries = new ArrayList<PlusAclentryResource>();
aclEntries.add(res);

Acl acl = new Acl();
acl.setItems(aclEntries);
// Required, this does the domain restriction
acl.setDomainRestricted(true);

Activity activity = new Activity()
    .setObject(new Activity.PlusObject().setOriginalContent(msg))
    .setAccess(acl);

activity = service.activities().insert(userId, activity).execute();

System.out.println(activity);

在域中cPanel,公司为我定义了下一个范围:

https://www.googleapis.com/auth/plus.circles.read 
https://www.googleapis.com/auth/plus.circles.write 
https://www.googleapis.com/auth/plus.me 
https://www.googleapis.com/auth/plus.media.upload 
https://www.googleapis.com/auth/plus.stream.read 
https://www.googleapis.com/auth/plus.stream.write

我的范围定义是:

private static final List<String> SCOPE = Arrays.asList(
       "https://www.googleapis.com/auth/plus.circles.read", 
           "https://www.googleapis.com/auth/plus.circles.write", 
           "https://www.googleapis.com/auth/plus.me", 
           "https://www.googleapis.com/auth/plus.media.upload", 
           "https://www.googleapis.com/auth/plus.stream.read", 
           "https://www.googleapis.com/auth/plus.stream.write");

我在这里有点迷路,有没有办法调试这个问题或者知道为什么这个访问被拒绝?

4

1 回答 1

0

您应该检查几件事。

首先,您从Google API 控制台下载的私钥文件是否与您的代码位于正确的路径中?此文件由以下变量引用。这需要告诉 OAuth 客户端库在哪里可以找到文件。

private static final String SERVICE_ACCOUNT_PKCS12_FILE_PATH =
"/path/to/<public_key_fingerprint>-privatekey.p12";

不要重命名文件,这一点非常重要。

其次,您的代码中的范围列表是否与管理控制台中设置的范围列表相匹配?

您的 Google Apps 域的管理控制台中的配置以及请求中提供的范围必须相同。尝试将代码SCOPE中的变量调整为:

private static final List<String> SCOPE = Arrays.asList(
    "https://www.googleapis.com/auth/plus.me",
    "https://www.googleapis.com/auth/plus.circles.read",
    "https://www.googleapis.com/auth/plus.circles.write",
    "https://www.googleapis.com/auth/plus.media.upload",
    "https://www.googleapis.com/auth/plus.stream.read",
    "https://www.googleapis.com/auth/plus.stream.write");

一般来说,最好只请求您需要的范围,而不是所有可用的范围。

第三,确保您生成的客户端 ID 是管理控制台条目中列出的 ID,该条目指定了允许的范围。

于 2013-09-09T17:54:28.667 回答