google-api-php-client - Google Groups Directory API - 无法添加新成员

Question

我正在尝试将某些内容集成到我们的网站中，以便在他们创建帐户时将新成员添加到我们的 Google 群组邮件列表中。我正在使用 Admin SDK 的 PHP API 来执行此操作，但没有运气

这是代码

include_once 'autoload.php';
$clientId = 'xxxxxxx.apps.googleusercontent.com';

$serviceAccountName = 'xxxxxx@developer.gserviceaccount.com';

$delegatedAdmin = 'admin@website.org';

$keyFile = 'key.p12';

$appName = 'App Name';

$scopes = array(
    'https://www.googleapis.com/auth/admin.directory.group'
);


if (!($creds = new Google_Auth_AssertionCredentials(
    $serviceAccountName,
    $scopes,
    file_get_contents($keyFile)
))) {
    echo 'creds failed';
    exit;
}

if (!($creds->sub = $delegatedAdmin)) {
    echo 'sub failed';
    exit;
}

if (!($client = new Google_Client())) {
    echo 'obj creation failed failed';
    exit;
}
if (!($client->setApplicationName($appName))) {
    echo 'app name failed';
    exit;
}
if (!($client->setClientId($clientId))) {
    echo 'set id failed';
    exit;
}
if (!($client->setAssertionCredentials($creds))) {
    echo 'assertion failed';
    exit;
}
if (!($dir = new Google_Service_Directory($client))) {
    echo 'dir failed';
    exit;
}

if (!($member = new Google_Service_Directory_Member(array(
                        'email' =>'validtestemail@test.test',
                        'kind' => 'admin#directory#member',
                        'role' => 'MEMBER',
                        'type' => 'USER')))) {
    echo 'member failed';
    exit;
}

if (!($list = $dir->members->insert('groupname@googlegroups.com', $member))) {
    echo 'list failed';
    exit;
}
echo 'good';

如果我运行它，代码会在设置的应用程序名称处停止，或者为此设置 $client 的任何属性。如果我将这些部分注释掉，我会得到一个空白页。

score 0 · Accepted Answer

你的代码，new Google_Service_Directory($client)从那时起，对我有用，所以我猜问题出在你的凭证生成上。

这是我成功使用的一些代码：

// Create a new google client.  We need this for all API access.
$client = new Google_Client();
$client->setApplicationName("Google Group Test");

$client_id = '...';
$service_account_name = '...';
$key_file_location = '...';

if (isset($_SESSION['service_token'])) {
    $client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);

// https://www.googleapis.com/auth/admin.directory.group,
// https://www.googleapis.com/auth/admin.directory.group.readonly, 
// https://www.googleapis.com/auth/admin.directory.group.member, 
// https://www.googleapis.com/auth/admin.directory.group.member.readonly,
// https://www.googleapis.com/auth/apps.groups.settings, 
// https://www.googleapis.com/auth/books
$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,
        array(
            Google_Service_Groupssettings::APPS_GROUPS_SETTINGS,
            Google_Service_Directory::ADMIN_DIRECTORY_GROUP,
            Google_Service_Directory::ADMIN_DIRECTORY_GROUP_READONLY,

            Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER,
            Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER_READONLY,

            Google_Service_Books::BOOKS,
        ),
        $key,
        'notasecret'
    );
//
// Very important step:  the service account must also declare the
// identity (via email address) of a user with admin priviledges that
// it would like to masquerade as.
//
// See:  http://stackoverflow.com/questions/22772725/trouble-making-authenticated-calls-to-google-api-via-oauth
//
$cred->sub = '...';
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
    $client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();

在我的示例中，范围比您需要的要多，但我将它们全部保留。请确保在管理控制台中将所有相同的范围授予您的服务帐户。请参阅文档Using OAuth 2.0 for Server to Server Applications，尤其是“将域范围的权限委托给服务帐户”部分。你会想去页面：

https://admin.google.com/YOURDOMAIN/AdminHome?chromeless=1#OGX:ManageOauthClients

将 YOURDOMAIN 替换为您的 Google Apps 帐户的域。

google-api-php-client - Google Groups Directory API - 无法添加新成员

1 回答 1

Related

Reference