1

我有一个具有域范围委派设置的服务帐户,我正在尝试使用该服务帐户创建新帐户(google-api-services-admin-directory),然后添加一些预设日历(google-api-services-calendar)新创建的帐户。

我对目录 api 没有任何问题。我必须使用服务帐户创建一个委派(管理员)用户,并且所有目录 API调用都可以正常工作。

但是,我一直无法让calendar-api调用正常工作。

Java 依赖项:

compile group: 'com.google.auth', name: 'google-auth-library-oauth2-http', version:'0.20.0'
compile group: 'com.google.apis', name: 'google-api-services-admin-directory', version:'directory_v1-rev53-1.20.0'
compile group: 'com.google.apis', name: 'google-api-services-calendar', version:'v3-rev20200315-1.30.9'


Java代码:

private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
private static final List<String> SCOPES = 
Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_USER, DirectoryScopes.ADMIN_DIRECTORY_GROUP,
      CalendarScopes.CALENDAR);
private static final String CREDENTIALS_FILE_PATH = "config/google-service-account-credentials.json";
.....
HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
sourceCredentials =
          ServiceAccountCredentials.fromStream(new FileInputStream(CREDENTIALS_FILE_PATH));
sourceCredentials = (ServiceAccountCredentials) sourceCredentials.createScoped(SCOPES);

.....

GoogleCredentials targetCredentials = sourceCredentials.createDelegated("newuser@email");
  HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(targetCredentials);
  targetCredentials.refreshIfExpired();//Not sure if this is required. It didn't help though
  Calendar calendarService = new Calendar.Builder(HTTP_TRANSPORT, JSON_FACTORY, requestInitializer).setApplicationName(MainApp.SERVICE_NAME).build();

  for (String calendarKey : listOfCalendars)) {
    CalendarListEntry cle = new CalendarListEntry();
    cle.setId(calendarKey);
    calendarService.calendarList().insert(cle).execute();//Fails with a 401
  }

堆栈跟踪 :

Caused by: java.io.IOException: Error getting access token for service account: 401 Unauthorized
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:444)
at com.google.auth.oauth2.OAuth2Credentials.refresh(OAuth2Credentials.java:157)
at com.google.auth.oauth2.OAuth2Credentials.refreshIfExpired(OAuth2Credentials.java:174)
at myApp.GSuiteSDKHelper.updateDefaultCalendars(GSuiteSDKHelper.java:169)
... 65 more
Caused by: com.google.api.client.http.HttpResponseException: 401 Unauthorized
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1113)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:441)
... 68 mo

有趣的是,错误是间歇性的。重新部署后,我总是可以第一次尝试工作。之后,它是一个成功或失败。

  • 我确实将服务帐户添加到我要添加的日历中,并确保服务帐户是日历上的“所有者”。
4

1 回答 1

0

类似的事情发生在我身上,就我而言,我可以通过添加范围来解决它:"https://www.googleapis.com/auth/userinfo.email","https://www.googleapis.com/auth/userinfo.profile"

于 2021-05-24T21:52:22.787 回答