Google 网上论坛目录 API - 无法添加新成员

Google Groups Directory API - Can't add new member

我正在尝试将某些内容集成到我们的网站中,以便在新成员创建帐户时将其添加到我们的 Google 群组邮件列表中。我正在使用 Admin SDK 的 PHP API 来执行此操作,但运气不佳

这是代码

include_once 'autoload.php';
$clientId = 'xxxxxxx.apps.googleusercontent.com';

$serviceAccountName = 'xxxxxx@developer.gserviceaccount.com';

$delegatedAdmin = 'admin@website.org';

$keyFile = 'key.p12';

$appName = 'App Name';

$scopes = array(
    'https://www.googleapis.com/auth/admin.directory.group'
);


if (!($creds = new Google_Auth_AssertionCredentials(
    $serviceAccountName,
    $scopes,
    file_get_contents($keyFile)
))) {
    echo 'creds failed';
    exit;
}

if (!($creds->sub = $delegatedAdmin)) {
    echo 'sub failed';
    exit;
}

if (!($client = new Google_Client())) {
    echo 'obj creation failed failed';
    exit;
}
if (!($client->setApplicationName($appName))) {
    echo 'app name failed';
    exit;
}
if (!($client->setClientId($clientId))) {
    echo 'set id failed';
    exit;
}
if (!($client->setAssertionCredentials($creds))) {
    echo 'assertion failed';
    exit;
}
if (!($dir = new Google_Service_Directory($client))) {
    echo 'dir failed';
    exit;
}

if (!($member = new Google_Service_Directory_Member(array(
                        'email' =>'validtestemail@test.test',
                        'kind' => 'admin#directory#member',
                        'role' => 'MEMBER',
                        'type' => 'USER')))) {
    echo 'member failed';
    exit;
}

if (!($list = $dir->members->insert('groupname@googlegroups.com', $member))) {
    echo 'list failed';
    exit;
}
echo 'good';

如果我 运行 它,代码将停止在设置的应用程序名称处,或者为此设置 $client 的任何属性。如果我将这些部分注释掉,我会得到一个空白页。

你的代码,从 new Google_Service_Directory($client) 开始,对我有用,所以我猜问题出在你的凭据生成上。

这是我成功使用的一些代码:

// Create a new google client.  We need this for all API access.
$client = new Google_Client();
$client->setApplicationName("Google Group Test");

$client_id = '...';
$service_account_name = '...';
$key_file_location = '...';

if (isset($_SESSION['service_token'])) {
    $client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);

// https://www.googleapis.com/auth/admin.directory.group,
// https://www.googleapis.com/auth/admin.directory.group.readonly, 
// https://www.googleapis.com/auth/admin.directory.group.member, 
// https://www.googleapis.com/auth/admin.directory.group.member.readonly,
// https://www.googleapis.com/auth/apps.groups.settings, 
// https://www.googleapis.com/auth/books
$cred = new Google_Auth_AssertionCredentials(
    $service_account_name,
        array(
            Google_Service_Groupssettings::APPS_GROUPS_SETTINGS,
            Google_Service_Directory::ADMIN_DIRECTORY_GROUP,
            Google_Service_Directory::ADMIN_DIRECTORY_GROUP_READONLY,

            Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER,
            Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER_READONLY,

            Google_Service_Books::BOOKS,
        ),
        $key,
        'notasecret'
    );
//
// Very important step:  the service account must also declare the
// identity (via email address) of a user with admin priviledges that
// it would like to masquerade as.
//
// See:  
//
$cred->sub = '...';
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
    $client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();

在我的示例中,范围比您需要的要多,但我将它们全部保留了下来。请务必在管理控制台中将所有相同的范围授予您的服务帐户。请参阅文档 Using OAuth 2.0 for Server to Server Applications,尤其是 "Delegating domain-wide authority to the service account" 部分。您需要转到页面:

https://admin.google.com/YOURDOMAIN/AdminHome?chromeless=1#OGX:ManageOauthClients

将 YOURDOMAIN 替换为您的 Google Apps 帐户的域。