Google 网上论坛目录 API - 无法添加新成员
Google Groups Directory API - Can't add new member
我正在尝试将某些内容集成到我们的网站中,以便在新成员创建帐户时将其添加到我们的 Google 群组邮件列表中。我正在使用 Admin SDK 的 PHP API 来执行此操作,但运气不佳
这是代码
include_once 'autoload.php';
$clientId = 'xxxxxxx.apps.googleusercontent.com';
$serviceAccountName = 'xxxxxx@developer.gserviceaccount.com';
$delegatedAdmin = 'admin@website.org';
$keyFile = 'key.p12';
$appName = 'App Name';
$scopes = array(
'https://www.googleapis.com/auth/admin.directory.group'
);
if (!($creds = new Google_Auth_AssertionCredentials(
$serviceAccountName,
$scopes,
file_get_contents($keyFile)
))) {
echo 'creds failed';
exit;
}
if (!($creds->sub = $delegatedAdmin)) {
echo 'sub failed';
exit;
}
if (!($client = new Google_Client())) {
echo 'obj creation failed failed';
exit;
}
if (!($client->setApplicationName($appName))) {
echo 'app name failed';
exit;
}
if (!($client->setClientId($clientId))) {
echo 'set id failed';
exit;
}
if (!($client->setAssertionCredentials($creds))) {
echo 'assertion failed';
exit;
}
if (!($dir = new Google_Service_Directory($client))) {
echo 'dir failed';
exit;
}
if (!($member = new Google_Service_Directory_Member(array(
'email' =>'validtestemail@test.test',
'kind' => 'admin#directory#member',
'role' => 'MEMBER',
'type' => 'USER')))) {
echo 'member failed';
exit;
}
if (!($list = $dir->members->insert('groupname@googlegroups.com', $member))) {
echo 'list failed';
exit;
}
echo 'good';
如果我 运行 它,代码将停止在设置的应用程序名称处,或者为此设置 $client 的任何属性。如果我将这些部分注释掉,我会得到一个空白页。
你的代码,从 new Google_Service_Directory($client)
开始,对我有用,所以我猜问题出在你的凭据生成上。
这是我成功使用的一些代码:
// Create a new google client. We need this for all API access.
$client = new Google_Client();
$client->setApplicationName("Google Group Test");
$client_id = '...';
$service_account_name = '...';
$key_file_location = '...';
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
// https://www.googleapis.com/auth/admin.directory.group,
// https://www.googleapis.com/auth/admin.directory.group.readonly,
// https://www.googleapis.com/auth/admin.directory.group.member,
// https://www.googleapis.com/auth/admin.directory.group.member.readonly,
// https://www.googleapis.com/auth/apps.groups.settings,
// https://www.googleapis.com/auth/books
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array(
Google_Service_Groupssettings::APPS_GROUPS_SETTINGS,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_READONLY,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER_READONLY,
Google_Service_Books::BOOKS,
),
$key,
'notasecret'
);
//
// Very important step: the service account must also declare the
// identity (via email address) of a user with admin priviledges that
// it would like to masquerade as.
//
// See:
//
$cred->sub = '...';
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
在我的示例中,范围比您需要的要多,但我将它们全部保留了下来。请务必在管理控制台中将所有相同的范围授予您的服务帐户。请参阅文档 Using OAuth 2.0 for Server to Server Applications,尤其是 "Delegating domain-wide authority to the service account" 部分。您需要转到页面:
https://admin.google.com/YOURDOMAIN/AdminHome?chromeless=1#OGX:ManageOauthClients
将 YOURDOMAIN 替换为您的 Google Apps 帐户的域。
我正在尝试将某些内容集成到我们的网站中,以便在新成员创建帐户时将其添加到我们的 Google 群组邮件列表中。我正在使用 Admin SDK 的 PHP API 来执行此操作,但运气不佳
这是代码
include_once 'autoload.php';
$clientId = 'xxxxxxx.apps.googleusercontent.com';
$serviceAccountName = 'xxxxxx@developer.gserviceaccount.com';
$delegatedAdmin = 'admin@website.org';
$keyFile = 'key.p12';
$appName = 'App Name';
$scopes = array(
'https://www.googleapis.com/auth/admin.directory.group'
);
if (!($creds = new Google_Auth_AssertionCredentials(
$serviceAccountName,
$scopes,
file_get_contents($keyFile)
))) {
echo 'creds failed';
exit;
}
if (!($creds->sub = $delegatedAdmin)) {
echo 'sub failed';
exit;
}
if (!($client = new Google_Client())) {
echo 'obj creation failed failed';
exit;
}
if (!($client->setApplicationName($appName))) {
echo 'app name failed';
exit;
}
if (!($client->setClientId($clientId))) {
echo 'set id failed';
exit;
}
if (!($client->setAssertionCredentials($creds))) {
echo 'assertion failed';
exit;
}
if (!($dir = new Google_Service_Directory($client))) {
echo 'dir failed';
exit;
}
if (!($member = new Google_Service_Directory_Member(array(
'email' =>'validtestemail@test.test',
'kind' => 'admin#directory#member',
'role' => 'MEMBER',
'type' => 'USER')))) {
echo 'member failed';
exit;
}
if (!($list = $dir->members->insert('groupname@googlegroups.com', $member))) {
echo 'list failed';
exit;
}
echo 'good';
如果我 运行 它,代码将停止在设置的应用程序名称处,或者为此设置 $client 的任何属性。如果我将这些部分注释掉,我会得到一个空白页。
你的代码,从 new Google_Service_Directory($client)
开始,对我有用,所以我猜问题出在你的凭据生成上。
这是我成功使用的一些代码:
// Create a new google client. We need this for all API access.
$client = new Google_Client();
$client->setApplicationName("Google Group Test");
$client_id = '...';
$service_account_name = '...';
$key_file_location = '...';
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
// https://www.googleapis.com/auth/admin.directory.group,
// https://www.googleapis.com/auth/admin.directory.group.readonly,
// https://www.googleapis.com/auth/admin.directory.group.member,
// https://www.googleapis.com/auth/admin.directory.group.member.readonly,
// https://www.googleapis.com/auth/apps.groups.settings,
// https://www.googleapis.com/auth/books
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array(
Google_Service_Groupssettings::APPS_GROUPS_SETTINGS,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_READONLY,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER_READONLY,
Google_Service_Books::BOOKS,
),
$key,
'notasecret'
);
//
// Very important step: the service account must also declare the
// identity (via email address) of a user with admin priviledges that
// it would like to masquerade as.
//
// See:
//
$cred->sub = '...';
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
在我的示例中,范围比您需要的要多,但我将它们全部保留了下来。请务必在管理控制台中将所有相同的范围授予您的服务帐户。请参阅文档 Using OAuth 2.0 for Server to Server Applications,尤其是 "Delegating domain-wide authority to the service account" 部分。您需要转到页面:
https://admin.google.com/YOURDOMAIN/AdminHome?chromeless=1#OGX:ManageOauthClients
将 YOURDOMAIN 替换为您的 Google Apps 帐户的域。