4

我已经设置了一个新项目来访问我的 GSuite 帐户用户。当我运行我的代码时,它会给出 401 - '需要登录'。

我已向具有所需范围的帐户授予“域范围权限”。

我正在使用的代码是:

def authorize
  authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
    json_key_io: File.open('path-to-file.json'),
    scope: "https://www.googleapis.com/auth/admin.directory.user.readonly")
  authorizer.sub = 'GSuite admin email'
  authorizer.fetch_access_token!
end

service = Google::Apis::AdminDirectoryV1::DirectoryService.new
service.authorization = authorize
response = service.list_users

该项目是在我的个人谷歌开发者帐户上设置的。

任何想法为什么会发生这种情况以及我该如何解决?

4

2 回答 2

0

你在windows上运行吗?你有红宝石2吗?我认为您使用的是旧代码。

# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# [START admin_sdk_directory_quickstart]
require "google/apis/admin_directory_v1"
require "googleauth"
require "googleauth/stores/file_token_store"
require "fileutils"

OOB_URI = "urn:ietf:wg:oauth:2.0:oob".freeze
APPLICATION_NAME = "Directory API Ruby Quickstart".freeze
CREDENTIALS_PATH = "credentials.json".freeze
# The file token.yaml stores the user's access and refresh tokens, and is
# created automatically when the authorization flow completes for the first
# time.
TOKEN_PATH = "token.yaml".freeze
SCOPE = Google::Apis::AdminDirectoryV1::AUTH_ADMIN_DIRECTORY_USER_READONLY

##
# Ensure valid credentials, either by restoring from the saved credentials
# files or intitiating an OAuth2 authorization. If authorization is required,
# the user's default browser will be launched to approve the request.
#
# @return [Google::Auth::UserRefreshCredentials] OAuth2 credentials
def authorize
  client_id = Google::Auth::ClientId.from_file CREDENTIALS_PATH
  token_store = Google::Auth::Stores::FileTokenStore.new file: TOKEN_PATH
  authorizer = Google::Auth::UserAuthorizer.new client_id, SCOPE, token_store
  user_id = "default"
  credentials = authorizer.get_credentials user_id
  if credentials.nil?
    url = authorizer.get_authorization_url base_url: OOB_URI
    puts "Open the following URL in the browser and enter the " \
         "resulting code after authorization:\n" + url
    code = gets
    credentials = authorizer.get_and_store_credentials_from_code(
      user_id: user_id, code: code, base_url: OOB_URI
    )
  end
  credentials
end


# Initialize the API
service = Google::Apis::AdminDirectoryV1::DirectoryService.new
service.client_options.application_name = APPLICATION_NAME
service.authorization = authorize
# List the first 10 users in the domain
response = service.list_users(customer:    "my_customer",
                              max_results: 10,
                              order_by:    "email")
puts "Users:"
puts "No users found" if response.users.empty?
response.users.each { |user| puts "- #{user.primary_email} (#{user.name.full_name})" }
# [END admin_sdk_directory_quickstart]

代码链接

于 2019-07-09T18:46:52.607 回答
0

I don't see list_users in the method list, but only a 'list'

What about such code:

require 'google/apis/admin_directory_v1'

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open(key_file_location),
  scope: 'https://www.googleapis.com/auth/admin.directory.user.readonly'
)

authorizer.sub = acting_admin_email 
authorizer.fetch_access_token!
directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new
directory_service.authorization = authorizer
user_list = directory_service.list

The changes are that the directory_service.authorization = authorizer and using list instead of user_list.

于 2019-07-09T09:56:37.507 回答