我仅在使用PHP api实际版本的示例并使用examples文件夹的“ service-account.php”文件时遇到问题。
原来是用于显示“ Books API”的,并且通过我的个人凭据配置可以很好地工作,但是在我的xcase中,我需要通过directory.groups.get服务进行访问,以获取Google网上论坛邮件列表的会员帐户列表,所以我在其中更改了原始代码:
<?php session_start(); include_once "templates/base.php"; /************************************************ Make an API request authenticated with a service account. ************************************************/ require_once realpath(dirname(__FILE__) . '/../autoload.php'); /************************************************ ************************************************/ // MY ACCOUNT DATA HERE $client_id = 'xxx'; $service_account_name = 'xxx'; //Email Address $key_file_location = 'xxx.p12'; //key.p12 $groupKey = 'xxx'; echo pageHeader("My Service Account Access"); if ($client_id == '<YOUR_CLIENT_ID>' || !strlen($service_account_name) || !strlen($key_file_location)) { echo missingServiceAccountDetailsWarning(); } $client = new Google_Client(); $client->setApplicationName("Client_Library_Examples"); //$service = new Google_Service_Books($client); //ORIGINAL $service = new Google_Service_Directory($client); /************************************************ ************************************************/ if (isset($_SESSION['service_token'])) { $client->setAccessToken($_SESSION['service_token']); } $authArray = array( 'https://www.googleapis.com/auth/admin.directory.group', 'https://www.googleapis.com/auth/admin.directory.group.readonly', 'https://www.googleapis.com/auth/admin.directory.group.member', 'https://www.googleapis.com/auth/admin.directory.group.member.readonly' ); $key = file_get_contents($key_file_location); $cred = new Google_Auth_AssertionCredentials( $service_account_name, $authArray, //array('https://www.googleapis.com/auth/books'), //ORIGINAL $key ); $client->setAssertionCredentials($cred); if($client->getAuth()->isAccessTokenExpired()) { $client->getAuth()->refreshTokenWithAssertion($cred); } $_SESSION['service_token'] = $client->getAccessToken(); /************************************************ ************************************************/ //$optParams = array('filter' => 'free-ebooks'); //ORIGINAL $optParams = array('fields' => 'id'); //$results = $service->volumes->listVolumes('Henry David Thoreau', $optParams); //ORIGINAL $results = $service->groups->get($groupKey, $optParams); echo "<h3>Results Of Call:</h3>"; foreach ($results as $item) { //echo $item['volumeInfo']['title'], "<br /> \n"; //ORIGINAL echo "<pre>".print_r ($item, true)."</pre>"; } echo pageFooter(__FILE__);
无论我做什么,为API SDK提供授权,并使用刚在控制台开发人员的“ API凭据”面板中创建的文件和凭据,都会收到403错误。
这是错误堆栈:
#0 /var/www/html/google_local/google-api-php-client-master/src/Google/Http/REST.php(41): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request)) #1 /var/www/html/google_local/google-api-php-client-master/src/Google/Client.php(546): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request)) #2 /var/www/html/google_local/google-api-php-client-master/src/Google/Service/Resource.php(190): Google_Client->execute(Object(Google_Http_Request)) #3 /var/www/html/google_local/google-api-php-client-master/src/Google/Service/Directory.php(1494): Google_Service_Resource->call('get', Array, 'Google_Service_...') #4 /var/www/html/google_local/googl in /var/www/html/google_local/google-api-php-client-master/src/Google/Http/REST.php on line 76
有什么建议么?
谢谢罗伯托
问题的根源在于该服务帐户不是域上的管理员,因此它无法访问Admin SDK Directory API。相反,您需要为服务帐户启用域范围的委派,然后让服务帐户在发出请求时模拟域管理员:
$cred = new Google_Auth_AssertionCredentials( $service_account_name, $authArray, $key ); $cred->sub = "admin@yourdomain.com";