GMail API 设置非主要发送为签名 return 错误 403
GMail API set non-primary send as signature return error 403
我正在制作一个应为域中的每个用户设置签名的应用程序。当我尝试在主别名上设置签名时,这个工作正常,但这个解决方案不适用于其他别名(非主别名)。
我使用了一个工作正常的域范围委托,因为我可以为域中的所有主要发送设置签名作为别名。为此,我使用请求:'www.googleapis.com/gmail/v1/users/<email_address>/settings/sendAs/<alias_address>'。当我对非主要别名执行完全相同的操作时,我收到一条错误 403,其中有一条消息告诉我缺少范围 'www.googleapis.com/auth/gmail.settings.sharing'.
Missing required scope "https://www.googleapis.com/auth/gmail.settings.sharing" for modifying non-primary SendAs
这些是我在代码中使用的范围:
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.settings.basic",
"https://www.googleapis.com/auth/gmail.settings.sharing",
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/documents",
"https://www.googleapis.com/auth/admin.directory.user.readonly",
"https://www.googleapis.com/auth/drive.readonly"
]
如您所见,范围 'sharing' 存在。
// The service that allow me to list send as alias
var serviceListe = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.basic', user.primaryEmail)
// THe service that allow me to edit send as signature
var serviceModif = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.sharing', user.primaryEmail)
returns全域委托的代码:
function getDomainWideDelegationService(serviceName, scope, email) {
return OAuth2.createService(serviceName + email)
// Set the endpoint URL.
.setTokenUrl('https://oauth2.googleapis.com/token')
// Set the private key and issuer.
.setPrivateKey(OAUTH2_SERVICE_ACCOUNT_PRIVATE_KEY)
.setIssuer(OAUTH2_SERVICE_ACCOUNT_CLIENT_EMAIL)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
.setSubject(email)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(PropertiesService.getScriptProperties())
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope(scope);
}
根据文档here:
scope - this field specifies a space-delimited list of access scopes that correspond to the resources that your application could access on the user's behalf. These values inform the consent screen that Google displays to the user.
考虑到这一点,我建议您使用 spaces 和 not commas 分隔范围].
参考
我正在制作一个应为域中的每个用户设置签名的应用程序。当我尝试在主别名上设置签名时,这个工作正常,但这个解决方案不适用于其他别名(非主别名)。
我使用了一个工作正常的域范围委托,因为我可以为域中的所有主要发送设置签名作为别名。为此,我使用请求:'www.googleapis.com/gmail/v1/users/<email_address>/settings/sendAs/<alias_address>'。当我对非主要别名执行完全相同的操作时,我收到一条错误 403,其中有一条消息告诉我缺少范围 'www.googleapis.com/auth/gmail.settings.sharing'.
Missing required scope "https://www.googleapis.com/auth/gmail.settings.sharing" for modifying non-primary SendAs
这些是我在代码中使用的范围:
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.settings.basic",
"https://www.googleapis.com/auth/gmail.settings.sharing",
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/documents",
"https://www.googleapis.com/auth/admin.directory.user.readonly",
"https://www.googleapis.com/auth/drive.readonly"
]
如您所见,范围 'sharing' 存在。
// The service that allow me to list send as alias
var serviceListe = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.basic', user.primaryEmail)
// THe service that allow me to edit send as signature
var serviceModif = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.sharing', user.primaryEmail)
returns全域委托的代码:
function getDomainWideDelegationService(serviceName, scope, email) {
return OAuth2.createService(serviceName + email)
// Set the endpoint URL.
.setTokenUrl('https://oauth2.googleapis.com/token')
// Set the private key and issuer.
.setPrivateKey(OAUTH2_SERVICE_ACCOUNT_PRIVATE_KEY)
.setIssuer(OAUTH2_SERVICE_ACCOUNT_CLIENT_EMAIL)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
.setSubject(email)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(PropertiesService.getScriptProperties())
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope(scope);
}
根据文档here:
scope- this field specifies a space-delimited list of access scopes that correspond to the resources that your application could access on the user's behalf. These values inform the consent screen that Google displays to the user.
考虑到这一点,我建议您使用 spaces 和 not commas 分隔范围].