【问题标题】:(400) Bad Request using Google API PHP Client with the Admin SDK(400) 使用带有 Admin SDK 的 Google API PHP 客户端的错误请求
【发布时间】:2014-10-21 10:39:11
【问题描述】:

我正在尝试将Google API PHP Client 与 Google Directory API 一起使用。我进入 Google Developers Console 并创建了一个名为 google-sync 的项目。然后我在 API 列表页面中启用了Admin SDK。然后我从 Credentials 页面中选择了“创建新的客户端 ID”,并选择了 Service Account,然后下载了提示我下载的 .bin 私钥。然后我还点击了“生成新的 P12 密钥”并下载了 .p12 文件,该文件与 PHP 文件位于同一目录中。

这是我试图列出所有用户的 PHP 代码(在 this part of the docs 之后)。

<?php
session_start();
require 'vendor/autoload.php';
$SCOPE = 'https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit';

$SERVICE_ACCOUNT_EMAIL = '<EMAIL ADDRESS>';
$SERVICE_ACCOUNT_PKCS12_FILE_PATH = '<P12 FILE NAME>.p12';

$client = new Google_Client();
$client->setApplicationName('google-sync');
$adminService = new Google_Service_Directory($client);
$key = file_get_contents($SERVICE_ACCOUNT_PKCS12_FILE_PATH);
$cred = new Google_Auth_AssertionCredentials(
    $SERVICE_ACCOUNT_EMAIL,
    array($SCOPE),
    $key);
$client->setAssertionCredentials($cred);

$allUsers = $adminService->users->listUsers();

当我运行这段代码时,我得到了这个错误:

PHP Fatal error:  Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:80
Stack trace:

#0 /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php(44): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request))
#1 /projects/google-sync/vendor/google/apiclient/src/Google/Client.php(499): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request))
#2 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php(195): Google_Client->execute(Object(Google_Http_Request))
#3 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php(2063): Google_Service_Resource->call('list', Array, 'Google_Service_...')
#4 /projects/google-sync/auth-test.php(20): Google_Service_Directory_Users_Resource->listUsers()
#5 {main}
  thrown in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80

Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80

Google_Service_Exception: Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80

Call Stack:
    0.0001     232296   1. {main}() auth-test.php:0
    0.0172    2957992   2. Google_Service_Directory_Users_Resource->listUsers() /projects/google-sync/auth-test.php:20
    0.0172    2959144   3. Google_Service_Resource->call() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php:2063
    0.3356    2970752   4. Google_Client->execute() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php:195
    0.3356    2971568   5. Google_Http_REST::execute() /projects/google-sync/vendor/google/apiclient/src/Google/Client.php:499
    0.7015    2974424   6. Google_Http_REST::decodeHttpResponse() /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:44

当我下载 p12 文件时,我得到了一个与私钥关联的密码,但我找不到任何关于如何包含该密码的文档。这是我的问题吗?

【问题讨论】:

    标签: php oauth-2.0 google-api google-api-php-client


    【解决方案1】:

    我也面临同样的问题。服务帐户在发出请求时应模拟域管理员。此外,listUsers() 期望域作为参数传递。

    确保您已将域范围的权限委派给服务帐户 - https://developers.google.com/api-client-library/php/auth/service-accounts

    $cred = new Google_Auth_AssertionCredentials(
        $service_account_name,
        array($SCOPE),
        $key
    );
    $cred->sub = "admin@domain.com";
    //Get All users.
    $list  = $service->users->listUsers(Array('domain' => 'domain.com'));
    //Get one user
    $userId = $service->users->get('someuser@domain.com');
    

    【讨论】:

      【解决方案2】:

      我能够通过进入我的域的管理控制台来解决此问题,进入安全性下的管理 API 客户端访问页面,并从开发者控制台添加客户端 ID 并添加我需要的目录 API 范围。

      请参阅this part of the docs 了解更多信息。

      【讨论】:

      猜你喜欢
      • 2014-11-06
      • 2020-08-05
      • 2013-10-07
      • 2018-05-04
      • 1970-01-01
      • 1970-01-01
      • 2015-08-17
      • 2015-05-11
      • 1970-01-01
      相关资源
      最近更新 更多