问题
- I created google app in developer console.
- Enable Admin SDK
- Enable API access
- In "Manage OAuth Client access" i added "Authorized API client" with "https://www.googleapis.com/auth/admin.directory.user" scope.
Further, i want to get users from my domain.
JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
ArrayList<String> scopeList = new ArrayList<>();
scopeList.add(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY);
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("bla-bla@developer.gserviceaccount.com")
.setServiceAccountScopes(scopeList)
.setServiceAccountPrivateKeyFromP12File(new File("p12 file")))
.setServiceAccountUser("superadmin@my-domain.com")
.build();
credential.setAccessToken("access token of current google user");
Directory admin = new Directory.Builder(httpTransport, JSON_FACTORY, credential)
.setApplicationName("Capsidea")
.setHttpRequestInitializer(credential).build();
return admin.users().list().setDomain("my-domain.com").execute();
All it's working when i login into google via OAuth by superadmin@my-domain.com. But when i logined by some-user-non-admin@my-domain.com i have the error: "Not Authorized to access this resource/api"
Can an non admin user to get a list of all users in the domain? When the domain change this code will work given that it is necessary to specify superadmin'a ? Any ideas?
回答1:
setServiceAccountUser needs a user capable of Admin API usage (there is a fine-grained role configuration tool).
Do state that such a user is needed for your code to work.
来源:https://stackoverflow.com/questions/24359557/google-admin-sdk-for-non-admin-user