问题
I'm trying to make an automation script for the Directory API to create Apps Users. I think I'm close because the below code runs to some extent: I can input the 'password' parameter but after that gets sent with the other params it crashes with this error:
raise HttpError(resp, content, uri=self.uri) apiclient.errors.HttpError: https://www.googleapis.com/admin/directory/v1/users?alt=json returned "Not Authorized to access this resource/api">
And here is the script:
import httplib2
import pprint
import sys
import json
import urllib
import urllib2
from apiclient import errors
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
def main(argv):
# Load the key in PKCS 12 format that you downloaded from the Google API
# Console when you created your Service account.
f = file('key.p12', 'rb')
key = f.read()
f.close()
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with the Credentials. Note that the first parameter, service_account_name,
# is the Email address created for the Service account. It must be the email
# address associated with the key that was created.
credentials = SignedJwtAssertionCredentials('CLIENT_EMAIL',
key, scope='https://www.googleapis.com/auth/admin.directory.user')
http = httplib2.Http()
http = credentials.authorize(http)
#Parameters for new user
params = {'name':{'givenName':'John', 'familyName':'Smith'}, \
'password':raw_input("Enter password "), 'primaryEmail':'jsfake@bn.co'}
service = build("admin", "directory_v1", http=http)
insertedUser = service.users().insert(body=params).execute()
if __name__ == '__main__':
main(sys.argv)
回答1:
Seems that this issue is related to this topic here: Received error "Not Authorized to access this resource/api" when trying to use Google Directory API and Service Account Authentication
You need to pass account email with admin permissions into credentials like this:
credentials = SignedJwtAssertionCredentials('CLIENT_EMAIL',
key, scope='https://www.googleapis.com/auth/admin.directory.user', sub='superadmin@domain.com')
来源:https://stackoverflow.com/questions/25849525/google-admin-api-gives-http-error-403-not-authorized-to-access-this-resource-ap