0

我正在开发一个使用 Google Apps Reseller API(在此处找到)的项目。

我遇到了 403 禁止异常。

代码(大部分来自 Google Codelab Example Here

try {
        try {

        Reseller service = GoogleResellerApiUtil.getResellerService();

        Customer customerRecord = service.customers().get("acme.com").execute(); //crashes here
    // "acme.com" is also used in the example from Google
        System.out.println(customerRecord.toString());


    } catch (GoogleJsonResponseException e) {
        e.printStackTrace();
    }

这是我用来连接 API 的类。我提供了一个 p12 文件,它使用服务帐户,在调用 API 时,它冒充其中一位超级管理员,因此应该允许它进行所有调用。

目前我只使用只读范围。

public class GoogleResellerApiUtil {
    /** HTTP_TRANSPORT */
    private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();

    /** JSON Factory*/
    private static final JsonFactory JSON_FACTORY = new JacksonFactory();

    /** Service Account Email */
    public static final String SERVICE_ACCOUNT_EMAIL = "****@appspot.gserviceaccount.com";

    /** P12 File Location */
    public static final String PRIVATE_KEY_FILE = "WEB-INF/key.p12";

    /** Reseller Admin Account to impersonate */
    public static final String RESELLER_ADMIN = "**.**@**.com";

    /** Scopes */
    public static final List<String> SCOPES = Arrays.asList(ResellerScopes.APPS_ORDER_READONLY);

    /** Application name. */
    private static final String APPLICATION_NAME = "**-subscription-portal";

    /** Logger */
    private final static Logger LOGGER =
        Logger.getLogger(GoogleResellerApiUtil.class.getName());



    public static GoogleCredential getCredentials() throws IOException {

        GoogleCredential credentials = null;

        try {
            credentials = new GoogleCredential.Builder()
                .setTransport(HTTP_TRANSPORT)
                .setJsonFactory(JSON_FACTORY)
                .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
                .setServiceAccountScopes(SCOPES)
                .setServiceAccountUser(RESELLER_ADMIN)
                .setServiceAccountPrivateKeyFromP12File(new File(PRIVATE_KEY_FILE))
                .build();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }

        System.out.println("credential has been build, returning credential "); //this gets printed, so I think the credentials are valid?
    return credentials;
}

    /**
     * Build and return an authorized Reseller client service.
     * @return an authorized Reseller client service
     * @throws IOException
     */
    public static Reseller getResellerService() throws Exception {
        Credential credential = getCredentials();
        return new Reseller.Builder(
            HTTP_TRANSPORT, JSON_FACTORY, credential)
            .setApplicationName(APPLICATION_NAME)
            .build();
    }
}

但是我在拨打电话时收到以下错误消息:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Forbidden",
    "reason" : "forbidden"
  } ],
  "message" : "Forbidden"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
etc. etc. etc.
4

1 回答 1

1

Reseller API: Manage Subscriptions中指出

注意:如果 customerAuthToken 无效或已过期,API 响应将返回 403“Forbidden”错误。

要解决此问题,请确保请求必须由有权访问数据的经过身份验证的用户授权。如经销商 API 中所述:授权

注意: 授予 Reseller API 权限的用户必须是域超级管理员。

除此之外,在令牌过期中建议您编写代码以预测授予的令牌可能不再起作用的可能性。由于以下原因之一,令牌可能会停止工作:

  • 用户已撤销访问权限。
  • 该令牌已六个月未使用。
  • 用户更改了密码,并且令牌包含 Gmail 范围。
  • 用户帐户已超过一定数量的令牌请求。

希望有帮助!

于 2016-10-26T14:34:33.543 回答