我正在制作一个应该为域中的每个用户设置签名的应用程序。当我尝试在主要别名上设置签名时,这工作正常,但此解决方案不适用于其他别名(非主要别名)。
我使用工作正常的域范围委派,因为我可以将所有主要发送的签名设置为域中的别名。为此,我使用请求:'www.googleapis.com/gmail/v1/users/<email_address>/settings/sendAs/<alias_address>'。当我对非主要别名执行完全相同的操作时,我收到一条错误 403 并显示一条消息,告诉我缺少范围“www.googleapis.com/auth/gmail.settings.sharing”。
Missing required scope "https://www.googleapis.com/auth/gmail.settings.sharing" for modifying non-primary SendAs
这些是我在代码中使用的范围:
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.settings.basic",
"https://www.googleapis.com/auth/gmail.settings.sharing",
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/documents",
"https://www.googleapis.com/auth/admin.directory.user.readonly",
"https://www.googleapis.com/auth/drive.readonly"
]
如您所见,存在“共享”范围。
// The service that allow me to list send as alias
var serviceListe = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.basic', user.primaryEmail)
// THe service that allow me to edit send as signature
var serviceModif = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.sharing', user.primaryEmail)
返回域范围委托的代码:
function getDomainWideDelegationService(serviceName, scope, email) {
return OAuth2.createService(serviceName + email)
// Set the endpoint URL.
.setTokenUrl('https://oauth2.googleapis.com/token')
// Set the private key and issuer.
.setPrivateKey(OAUTH2_SERVICE_ACCOUNT_PRIVATE_KEY)
.setIssuer(OAUTH2_SERVICE_ACCOUNT_CLIENT_EMAIL)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
.setSubject(email)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(PropertiesService.getScriptProperties())
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope(scope);
}