Requested client not authorized

Keywords: authorization, client, request | Updated: 2023-09-27 18:05:16

I am trying to use a Google service account to get the Google users from my domain.

But it throws an error

Error:"access_denied", Description:"Requested client not authorized.", Uri:""

My code
X509Certificate2 certificate = new X509Certificate2(key_path,
                         "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer("publickey.gserviceaccount.com")
           {   Scopes = scopes,
               User = "admin@domain.com"
           }.FromCertificate(certificate));
var service = new DirectoryService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "appname",
        });
service.Users.List().Domain = "domain.com";
Users results = service.Users.List().Execute();

Thanks in advance

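Requested client not authorized

The service account's email address needs to have access to the domain. Take the email address and add it as a user, giving it sufficient read access.

Did you also change this for the post?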

"publickey.gserviceaccount.com"

A service account email looks more like this:

539621478854-imkdv94bgujcom228h3ea33kmkoefhil@developer.gserviceaccount.com

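You first need to give your service account/API project access to your domain. The documentation has detailed steps:

https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account

In step 6 of those instructions you need to specify the correct scope, namely https://www.googleapis.com/auth/admin.directory.user.readonly, to access the user list.

Also, for the Directory API to work, you need to enable API access in the domain settings: https://developers.google.com/admin-sdk/directory/v1/guides/prerequisites#set_up_api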

I was finally able to get it working. Here is my code

        var grpReq = service.Groups.List();
        grpReq.Domain = "mydomain.com";
        Groups groups = grpReq.Execute();
        IList<Group> gps = groups.GroupsValue;
        var memReq=service.Members.List(groups.GroupsValue[0].Id);
        Members members = memReq.Execute();

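I still don't know why creating a var object and then calling Execute() got this working, while the earlier code didn't.

I still have the problem of the consent screen being shown to all users. I have the following code. I think the way I am getting the logged-in user's email is incorrect. Any good ideas?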

        string mymail = googleauth.GetUsersEmail(ExchangeCodeWithAccessAndRefreshToken().Access_Token);
        string path = "d:\\c6b82065f26fbb0-privatekey.p12";
        X509Certificate2 certificate = new X509Certificate2(
            path,
            "notasecret", X509KeyStorageFlags.Exportable);
        ServiceAccountCredential credential = new ServiceAccountCredential(
          new ServiceAccountCredential.Initializer("876131792-v824u6drpss@developer.gserviceaccount.com")
          {
              User = mymail,
              Scopes = new[] { PlusService.Scope.UserinfoEmail, PlusService.Scope.UserinfoProfile, PlusService.Scope.PlusMe }
          }.FromCertificate(certificate));

        PlusService plus = new PlusService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "myapp"
        });
        Person profile = plus.People.Get("me").Execute();
        string email = profile.Emails[0].Value;