错误 403:向 Cloud PubSub 发送测试消息时出错:用户无权执行此操作
Error 403: Error sending test message to Cloud PubSub: User not authorized to perform this action
我想设置推送通知手表,但收到错误响应。我需要什么授权?
要求:
// Google API
$client = getClient();
// POST request
$ch = curl_init('https://www.googleapis.com/gmail/v1/users/me/watch');
curl_setopt_array($ch, array(
CURLOPT_POST => TRUE,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_HTTPHEADER => array(
'Authorization: Bearer ' . $client->getAccessToken()['access_token'],
'Content-Type: application/json'
),
CURLOPT_POSTFIELDS => json_encode(array(
'topicName' => 'projects/xxxx/topics/xxxx',
'labelIds' => ["INBOX"]
))
));
回复:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
],
"code": 403,
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
}
更多详情:
- 使用的范围是
GMAIL_READONLY。
- 订阅和主题存在,并且它们是在同一个控制台中创建的。
- 我尝试从控制台发布一条新消息并且成功了。
来自页面:https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic
Cloud Pub/Sub requires that you grant Gmail privileges to publish
notifications to your topic.
To do this, you need to grant publish privileges to
serviceAccount:gmail-api-push@system.gserviceaccount.com. You can do
this using the Cloud Pub/Sub Developer Console permissions interface
following the resource-level access control instructions.
(强调)
您必须授予主题权限。
转到您的主题列表
或点击下方linkhttps://console.cloud.google.com/cloudpubsub/topic.
然后点击你的话题
然后在右侧的权限选项卡中,单击“添加成员”按钮
然后输入新会员邮箱或者如果你的应用有多个用户那么你可以输入allUsers。然后 Select 角色 Pub/Sub Publisher 并单击 Save 按钮。
注意:这将使您的主题public.
不要添加 allAuthenticatedUsers 或 allUsers ,那将使您的主题 public。您可能已经看到此警告
This resource is public and can be accessed by anyone on the internet.
To remove public access, remove "allUsers" and "allAuthenticatedUsers"
from the resource's members.
所以不要这样做
改为添加 gmail-api-push@system.gserviceaccount.com。这将工作。
参考:https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic
我想设置推送通知手表,但收到错误响应。我需要什么授权?
要求:
// Google API
$client = getClient();
// POST request
$ch = curl_init('https://www.googleapis.com/gmail/v1/users/me/watch');
curl_setopt_array($ch, array(
CURLOPT_POST => TRUE,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_HTTPHEADER => array(
'Authorization: Bearer ' . $client->getAccessToken()['access_token'],
'Content-Type: application/json'
),
CURLOPT_POSTFIELDS => json_encode(array(
'topicName' => 'projects/xxxx/topics/xxxx',
'labelIds' => ["INBOX"]
))
));
回复:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
],
"code": 403,
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
}
更多详情:
- 使用的范围是
GMAIL_READONLY。 - 订阅和主题存在,并且它们是在同一个控制台中创建的。
- 我尝试从控制台发布一条新消息并且成功了。
来自页面:https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic
Cloud Pub/Sub requires that you grant Gmail privileges to publish notifications to your topic.
To do this, you need to grant publish privileges to serviceAccount:gmail-api-push@system.gserviceaccount.com. You can do this using the Cloud Pub/Sub Developer Console permissions interface following the resource-level access control instructions.
(强调)
您必须授予主题权限。 转到您的主题列表 或点击下方linkhttps://console.cloud.google.com/cloudpubsub/topic.
然后点击你的话题
然后在右侧的权限选项卡中,单击“添加成员”按钮
然后输入新会员邮箱或者如果你的应用有多个用户那么你可以输入allUsers。然后 Select 角色 Pub/Sub Publisher 并单击 Save 按钮。
注意:这将使您的主题public.
不要添加 allAuthenticatedUsers 或 allUsers ,那将使您的主题 public。您可能已经看到此警告
This resource is public and can be accessed by anyone on the internet. To remove public access, remove "allUsers" and "allAuthenticatedUsers" from the resource's members.
所以不要这样做
改为添加 gmail-api-push@system.gserviceaccount.com。这将工作。
参考:https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic