Requested client not authorized

I am trying to get Google users from my domain using a Google service account.

But it throws an error

 Error:"access_denied", Description:"Requested client not authorized.", Uri:"" 

My code

    // Load the service account's P12 key
    X509Certificate2 certificate = new X509Certificate2(key_path, "notasecret", X509KeyStorageFlags.Exportable);

    ServiceAccountCredential credential = new ServiceAccountCredential(
        new ServiceAccountCredential.Initializer("publickey.gserviceaccount.com")
        {
            Scopes = scopes,
            User = "admin@domain.com"
        }.FromCertificate(certificate));

    var service = new DirectoryService(new BaseClientService.Initializer()
    {
        HttpClientInitializer = credential,
        ApplicationName = "appname",
    });

    service.Users.List().Domain = "domain.com";
    Users results = service.Users.List().Execute();

Thanks in advance

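The service account email address needs to have access to the domain. Take the email address and add it as a user with enough access that it can read.

Did you change this for posting as well?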

 "publickey.gserviceaccount.com" 

A service account email looks more like:

 539621478854-imkdv94bgujcom228h3ea33kmkoefhil@developer.gserviceaccount.com 

You first need to grant your service account / API project access to your domain. The steps are detailed in the documentation here:

https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account

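You need to specify the correct scope in step 6 of those instructions, which is https://www.googleapis.com/auth/admin.directory.user.readonly to access the list of users.

In addition, to use the Directory API you also need to enable API access in the domain settings: https://developers.google.com/admin-sdk/directory/v1/guides/prerequisites#set_up_api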

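I was finally able to get this working. Here is my code

    // Build the request once, set the domain on it, then execute it
    var grpReq = service.Groups.List();
    grpReq.Domain = "mydomain.com";
    Groups groups = grpReq.Execute();
    IList<Group> gps = groups.GroupsValue;

    // List the members of the first group returned
    var memReq = service.Members.List(groups.GroupsValue[0].Id);
    Members members = memReq.Execute();

I am still not sure why creating a var object and then calling Execute() makes this work, but the earlier code does not.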
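An added example, not code from any poster in this thread: a user listing that combines the points above (the read-only scope from the delegation steps, and one request object that is both configured and executed), with paging and explicit handling of a refused token request. It assumes the Google.Apis.Admin.Directory.directory_v1 NuGet package; the service account address, admin address and domain are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Google.Apis.Admin.Directory.directory_v1;
using Google.Apis.Admin.Directory.directory_v1.Data;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Services;

static class DirectoryUsers
{
    // Placeholders (assumptions), not values from the thread.
    const string ServiceAccountEmail = "SERVICE_ACCOUNT_ID@developer.gserviceaccount.com";
    const string AdminToImpersonate = "admin@example.com";
    const string DomainName = "example.com";

    public static IList<User> ListAll(string p12Path)
    {
        var certificate = new X509Certificate2(p12Path, "notasecret", X509KeyStorageFlags.Exportable);
        var credential = new ServiceAccountCredential(
            new ServiceAccountCredential.Initializer(ServiceAccountEmail)
            {
                // Ask only for the read-only scope authorized for this client in the admin console.
                Scopes = new[] { DirectoryService.Scope.AdminDirectoryUserReadonly },
                User = AdminToImpersonate
            }.FromCertificate(certificate));
        var service = new DirectoryService(new BaseClientService.Initializer
            { HttpClientInitializer = credential, ApplicationName = "appname" });

        // Users.List() builds a new request on each call: keep one object,
        // set Domain on it, and execute that same object.
        var request = service.Users.List();
        request.Domain = DomainName;
        var all = new List<User>();
        try
        {
            do
            {
                Users page = request.Execute();
                if (page.UsersValue != null) all.AddRange(page.UsersValue);
                request.PageToken = page.NextPageToken;
            } while (!string.IsNullOrEmpty(request.PageToken));
        }
        catch (TokenResponseException ex)
        {
            // The token endpoint rejected the delegated assertion (e.g. access_denied).
            throw new InvalidOperationException(
                "Delegation refused: " + ex.Error.Error + " - " + ex.Error.ErrorDescription, ex);
        }
        return all;
    }
}
```

Requesting a scope that was not authorized for the client ID in the admin console is refused at the token endpoint, so the scope list in code should match the delegated list exactly.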

I still have the problem of the consent screen being shown for all users. I have the following code. I think the way I get the logged-in user's email is not correct. Any ideas?

    // Email of the logged-in user, taken from the exchanged access token
    string mymail = googleauth.GetUsersEmail(ExchangeCodeWithAccessAndRefreshToken().Access_Token);
    string path = "d:\\c6b82065f26fbb0-privatekey.p12";
    X509Certificate2 certificate = new X509Certificate2(
        path, "notasecret", X509KeyStorageFlags.Exportable);

    ServiceAccountCredential credential = new ServiceAccountCredential(
        new ServiceAccountCredential.Initializer("876131792-v824u6drpss@developer.gserviceaccount.com")
        {
            User = mymail,
            Scopes = new[] { PlusService.Scope.UserinfoEmail, PlusService.Scope.UserinfoProfile, PlusService.Scope.PlusMe }
        }.FromCertificate(certificate));

    PlusService plus = new PlusService(new BaseClientService.Initializer()
    {
        HttpClientInitializer = credential,
        ApplicationName = "myapp"
    });

    Person profile = plus.People.Get("me").Execute();
    string email = profile.Emails[0].Value;