将 Google API Python 客户端与 SignedJwtAssertionCredentials 一起使用
Using Google API Python client with SignedJwtAssertionCredentials
我正在尝试使用 google_api_python_client-1.4.0 从 Google 获取用户列表。我得到了 access_denied 错误,即使我拥有全域授权。
有趣的是..当我将相同的 certificate/credentials 与 .net 客户端库一起使用时,它起作用了。
我得到的错误是
文件“/Library/Python/2.7/site-packages/oauth2client-1.4.6-py2.7.egg/oauth2client/client.py”,第 807 行,在 _do_refresh_request
oauth2client.client.AccessTokenRefreshError: access_denied: 请求的客户端未授权。
# Load the key in PKCS 12 format that you downloaded from the Google API
# Console when you created your Service account.
f = file('Gkeys/87ty8g87-privatekey.p12', 'rb')
key = f.read()
f.close()
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with the Credentials. Note that the first parameter, service_account_name,
# is the Email address created for the Service account. It must be the email
# address associated with the key that was created.
credentials = SignedJwtAssertionCredentials(
'889h98h98h98h98h9lurk@developer.gserviceaccount.com',
key,
scope=['https://www.googleapis.com/auth/admin.directory.group.readonly','https://www.googleapis.com/auth/admin.directory.user.readonly'],
private_key_password='notasecret',
sub='admin.user@domain.com'
)
http = httplib2.Http()
http = credentials.authorize(http)
directory_service = build('admin', 'directory_v1', http=http)
all_users = []
page_token = None
params = {'groupKey': 'groupname@domain.com'}
while True:
try:
if page_token:
params['pageToken'] = page_token
#current_page = directory_service.users().list(**params).execute()
#current_page = directory_service.members().list(**params).execute()
current_page = directory_service.members().list(groupKey='groupname@domain.com').execute()
all_users.extend(current_page['users'])
page_token = current_page.get('nextPageToken')
if not page_token:
break
except errors.HttpError as error:
print 'An error occurred: %s' % error
break
for user in all_users:
print user['primaryEmail']
您确定您在控制面板中授权的范围与您在此处请求的范围完全匹配吗?如果您授权 read/write 范围并在此处使用只读范围,我相信这会导致您的错误。
我正在尝试使用 google_api_python_client-1.4.0 从 Google 获取用户列表。我得到了 access_denied 错误,即使我拥有全域授权。
有趣的是..当我将相同的 certificate/credentials 与 .net 客户端库一起使用时,它起作用了。
我得到的错误是 文件“/Library/Python/2.7/site-packages/oauth2client-1.4.6-py2.7.egg/oauth2client/client.py”,第 807 行,在 _do_refresh_request oauth2client.client.AccessTokenRefreshError: access_denied: 请求的客户端未授权。
# Load the key in PKCS 12 format that you downloaded from the Google API
# Console when you created your Service account.
f = file('Gkeys/87ty8g87-privatekey.p12', 'rb')
key = f.read()
f.close()
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with the Credentials. Note that the first parameter, service_account_name,
# is the Email address created for the Service account. It must be the email
# address associated with the key that was created.
credentials = SignedJwtAssertionCredentials(
'889h98h98h98h98h9lurk@developer.gserviceaccount.com',
key,
scope=['https://www.googleapis.com/auth/admin.directory.group.readonly','https://www.googleapis.com/auth/admin.directory.user.readonly'],
private_key_password='notasecret',
sub='admin.user@domain.com'
)
http = httplib2.Http()
http = credentials.authorize(http)
directory_service = build('admin', 'directory_v1', http=http)
all_users = []
page_token = None
params = {'groupKey': 'groupname@domain.com'}
while True:
try:
if page_token:
params['pageToken'] = page_token
#current_page = directory_service.users().list(**params).execute()
#current_page = directory_service.members().list(**params).execute()
current_page = directory_service.members().list(groupKey='groupname@domain.com').execute()
all_users.extend(current_page['users'])
page_token = current_page.get('nextPageToken')
if not page_token:
break
except errors.HttpError as error:
print 'An error occurred: %s' % error
break
for user in all_users:
print user['primaryEmail']
您确定您在控制面板中授权的范围与您在此处请求的范围完全匹配吗?如果您授权 read/write 范围并在此处使用只读范围,我相信这会导致您的错误。