Google 使用具有全域授权的服务帐户的课堂
Google Classroom using Service Account with domain-wide-delegation
创建并赋予全域授权的服务帐户是否应该能够访问我的域中的所有课程和作业?我是域管理员并创建了服务帐户。但是,当我执行代码时,它没有 return 任何结果。当我 运行 直接从参考页面发出相同的请求时,它 returns 数据。
<?php
/*
* Copyright 2013 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
include_once __DIR__ . '/../vendor/autoload.php';
include_once "templates/base.php";
echo pageHeader("Service Account Access");
//putenv('/GOOGLE_APPLICATION_CREDENTIALS = service-account-credentials.json');
/************************************************
Make an API request authenticated with a service
account.
************************************************/
$client = new Google_Client();
/************************************************
ATTENTION: Fill in these values, or make sure you
have set the GOOGLE_APPLICATION_CREDENTIALS
environment variable. You can get these credentials
by creating a new Service Account in the
API console. Be sure to store the key file
somewhere you can get to it - though in real
operations you'd want to make sure it wasn't
accessible from the webserver!
Make sure the Books API is enabled on this
account as well, or the call will fail.
************************************************/
putenv('GOOGLE_APPLICATION_CREDENTIALS= ../../../public/service-account-credentials.json');
$client->useApplicationDefaultCredentials();
if ($credentials_file = checkServiceAccountCredentialsFile()) {
// set the location manually
$client->setAuthConfig($credentials_file);
} elseif (getenv('GOOGLE_APPLICATION_CREDENTIALS')) {
// use the application default credentials
$client->useApplicationDefaultCredentials();
} else {
echo missingServiceAccountDetailsWarning();
return;
}
$client->setApplicationName("Google-Classroom");
$client->setScopes(['https://www.googleapis.com/auth/classroom.courses.readonly']);
$service = new Google_Service_Classroom($client);
/************************************************
We're just going to make the same call as in the
simple query as an example.
************************************************/
$optParams = array('pageSize' => 10,'studentId'=>'childressda@lcsedu.net');
$results = $service->courses->listCourses($optParams);
if (count($results->getCourses()) == 0) {
print "No courses found.\n";
} else {
echo "<h3>Results Of Call:</h3>";
foreach ($results as $course){
echo $course->getName();
echo"<br />";
}
}
pageFooter(__FILE__);
?>
全域委派要求您指定您希望充当的域用户。它也不适用于应用程序默认凭据(AppEngine 和 Compute Engine 服务中内置的服务帐户),您需要在项目中手动创建 SA。假设您使用的是您创建的 SA(凭据文件),请尝试添加:
$user_to_impersonate = "admin@yourdomain.com";
$client->setSubject($user_to_impersonate);
创建并赋予全域授权的服务帐户是否应该能够访问我的域中的所有课程和作业?我是域管理员并创建了服务帐户。但是,当我执行代码时,它没有 return 任何结果。当我 运行 直接从参考页面发出相同的请求时,它 returns 数据。
<?php
/*
* Copyright 2013 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
include_once __DIR__ . '/../vendor/autoload.php';
include_once "templates/base.php";
echo pageHeader("Service Account Access");
//putenv('/GOOGLE_APPLICATION_CREDENTIALS = service-account-credentials.json');
/************************************************
Make an API request authenticated with a service
account.
************************************************/
$client = new Google_Client();
/************************************************
ATTENTION: Fill in these values, or make sure you
have set the GOOGLE_APPLICATION_CREDENTIALS
environment variable. You can get these credentials
by creating a new Service Account in the
API console. Be sure to store the key file
somewhere you can get to it - though in real
operations you'd want to make sure it wasn't
accessible from the webserver!
Make sure the Books API is enabled on this
account as well, or the call will fail.
************************************************/
putenv('GOOGLE_APPLICATION_CREDENTIALS= ../../../public/service-account-credentials.json');
$client->useApplicationDefaultCredentials();
if ($credentials_file = checkServiceAccountCredentialsFile()) {
// set the location manually
$client->setAuthConfig($credentials_file);
} elseif (getenv('GOOGLE_APPLICATION_CREDENTIALS')) {
// use the application default credentials
$client->useApplicationDefaultCredentials();
} else {
echo missingServiceAccountDetailsWarning();
return;
}
$client->setApplicationName("Google-Classroom");
$client->setScopes(['https://www.googleapis.com/auth/classroom.courses.readonly']);
$service = new Google_Service_Classroom($client);
/************************************************
We're just going to make the same call as in the
simple query as an example.
************************************************/
$optParams = array('pageSize' => 10,'studentId'=>'childressda@lcsedu.net');
$results = $service->courses->listCourses($optParams);
if (count($results->getCourses()) == 0) {
print "No courses found.\n";
} else {
echo "<h3>Results Of Call:</h3>";
foreach ($results as $course){
echo $course->getName();
echo"<br />";
}
}
pageFooter(__FILE__);
?>
全域委派要求您指定您希望充当的域用户。它也不适用于应用程序默认凭据(AppEngine 和 Compute Engine 服务中内置的服务帐户),您需要在项目中手动创建 SA。假设您使用的是您创建的 SA(凭据文件),请尝试添加:
$user_to_impersonate = "admin@yourdomain.com";
$client->setSubject($user_to_impersonate);