1

我正在尝试使用 Google Admin API 获取和更新我的域的用户

  private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
  private static final List<String> SCOPES = Arrays.asList(
      "https://www.googleapis.com/auth/admin.directory.user",
      "https://www.googleapis.com/auth/admin.directory.user.readonly");

  public static void main(String[] args) {
    try {
      HttpTransport httpTransport = new NetHttpTransport();


      GoogleCredential credential =
          new GoogleCredential.Builder()
              .setTransport(httpTransport)
              .setJsonFactory(JSON_FACTORY)
              .setServiceAccountId(
                  "xxxxx-yyyyy@developer.gserviceaccount.com")
              .setServiceAccountUser("sysadmin@mydomain.com")
              .setServiceAccountScopes(SCOPES)
              .setServiceAccountPrivateKeyFromP12File(
                  new File("C:\\privatekey.p12")).build();

      Directory admin =
          new Directory.Builder(httpTransport, JSON_FACTORY, credential)
              .setApplicationName("User Sync Service")
              .setHttpRequestInitializer(credential).build();

      Directory.Users.List list = admin.users().list();
      list.setDomain("mydomain.com");
      Users users = list.execute();
      System.out.println("************");
    } catch (Exception e) {
      e.printStackTrace();
    }
  }

我收到此错误

com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "access_denied"
}
    at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
    at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
    at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
    at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
    at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
    at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:858)

截图: 在此处输入图像描述 在此处输入图像描述

4

1 回答 1

2

您看到的具体错误可能意味着您没有在 CPanel 的第 3 方 OAuth 设置中授予服务帐户对 Google Apps 域的访问权限。此步骤在Google Drive 域范围的委派文档中进行了描述(只是目录范围中的子项)。

此外,您可能只想对Web 服务器已安装的应用程序使用常规 OAuth 2.0 令牌,而不是使用服务帐户。它仍然不像提供管理员用户/通行证那么简单,但它比服务帐户更简单,并且比用户/通行证访问更安全,因为您正在确定访问范围而不是直接接触用户密码。

于 2013-09-25T13:43:07.960 回答