【发布时间】:2017-01-28 13:23:34
【问题描述】:
我正在尝试更改使用 Google Admin SDK 并使用 Google Directory API 的用户的密码。
这是我的代码:
<?php
require_once __DIR__ . '/vendor/autoload.php';
define('APPLICATION_NAME', 'CRONDAQ');
define('CREDENTIALS_PATH', '/root/.credentials/admin-directory_v1-php-quickstart.json');
define('CLIENT_SECRET_PATH', __DIR__ . '/client_secret.json');
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/admin-directory_v1-php-quickstart.json
define('SCOPES', implode(' ', array(
Google_Service_Directory::ADMIN_DIRECTORY_USER)
));
if (php_sapi_name() != 'cli') {
throw new Exception('This application must be run on the command line.');
}
/**
* Returns an authorized API client.
* @return Google_Client the authorized client object
*/
function getClient() {
$client = new Google_Client();
$client->setApplicationName(APPLICATION_NAME);
$client->setScopes(SCOPES);
$client->setAuthConfig(CLIENT_SECRET_PATH);
$client->setAccessType('offline');
// Load previously authorized credentials from a file.
$credentialsPath = expandHomeDirectory(CREDENTIALS_PATH);
if (file_exists($credentialsPath)) {
$accessToken = json_decode(file_get_contents($credentialsPath), true);
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
// Store the credentials to disk.
if(!file_exists(dirname($credentialsPath))) {
mkdir(dirname($credentialsPath), 0700, true);
}
file_put_contents($credentialsPath, json_encode($accessToken));
printf("Credentials saved to %s\n", $credentialsPath);
}
$client->setAccessToken($accessToken);
// Refresh the token if it's expired.
if ($client->isAccessTokenExpired()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
file_put_contents($credentialsPath, json_encode($client->getAccessToken()));
}
return $client;
}
/**
* Expands the home directory alias '~' to the full path.
* @param string $path the path to expand.
* @return string the expanded path.
*/
function expandHomeDirectory($path) {
$homeDirectory = getenv('HOME');
if (empty($homeDirectory)) {
$homeDirectory = getenv('HOMEDRIVE') . getenv('HOMEPATH');
}
return str_replace('~', realpath($homeDirectory), $path);
}
// Get the API client and construct the service object.
$client = getClient();
$service = new Google_Service_Directory($client);
$password = crypt ( "Password", $salt="IamSecretkey" );
$userObj = new Google_Service_Directory_User(
array(
'password' => $password
)
);
try{
$results = $service->users->update("danish@XXX.in", $userObj );
} catch(Error $ex) {
print_r($ex->getMessage());
}
echo "<pre>";
print_r($results);
这是我得到的错误:
PHP 致命错误:未捕获的异常“Google_Service_Exception”与 消息'{“错误”:{“错误”:[{ “域”:“全球”, “原因”:“权限不足”, “消息”:“权限不足”}],“代码”:403,“消息”:“权限不足”} }
【问题讨论】:
-
尝试检查您正在使用的scopes,如果它允许您更新用户的密码。您还可以按照相关 SO post 中的说明尝试 using service accounts with Admin SDK for domain-wide delegation. 并正确模拟其中一位用户来访问 Admin SDK Directory API。希望这会有所帮助。
-
我认为你应该密切关注cmets。
// If modifying these scopes, delete your previously saved credentials // at ~/.credentials/admin-directory_v1-php-quickstart.json。或者,您也可以尝试设置自己的authentication flow,而不是使用 quickstart.php 中的一个
标签: google-api-php-client google-admin-sdk google-directory-api