0
  1. 我在开发者控制台中创建了谷歌应用程序。
  2. 启用管理 SDK
  3. 启用 API 访问
  4. 在“管理 OAuth 客户端访问”中,我添加了具有“ https://www.googleapis.com/auth/admin.directory.user ”范围的“授权 API 客户端”。

此外,我想从我的域中获取用户。

JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();

ArrayList<String> scopeList = new ArrayList<>();
scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY);
GoogleCredential credential = new GoogleCredential.Builder()
          .setTransport(httpTransport)
          .setJsonFactory(JSON_FACTORY)
          .setServiceAccountId("bla-bla@developer.gserviceaccount.com")
          .setServiceAccountScopes(scopeList)
          .setServiceAccountPrivateKeyFromP12File(new File("p12 file")))
          .setServiceAccountUser("superadmin@my-domain.com")
          .build();

credential.setAccessToken("access token of current google user");

Directory admin = new Directory.Builder(httpTransport, JSON_FACTORY, credential)
          .setApplicationName("Capsidea")
          .setHttpRequestInitializer(credential).build();
return admin.users().list().setDomain("my-domain.com").execute();

当我通过 superadmin@my-domain.com 通过 OAuth 登录谷歌时,一切正常。但是当我通过 some-user-non-admin@my-domain.com 登录时出现错误: “未授权访问此资源/api”

非管理员用户可以获取域中所有用户的列表吗?当域更改时,鉴于有必要指定 superadmin'a ,此代码将起作用?有任何想法吗?

4

1 回答 1

0

setServiceAccountUser needs a user capable of Admin API usage (there is a fine-grained role configuration tool).

Do state that such a user is needed for your code to work.

于 2014-06-25T11:01:12.410 回答