问题
I have a problem with the domain-wide delegation using Google API PHP Client (https://github.com/googleapis/google-api-php-client).
I know this question has been asked before but I couldn’t find any solution, so I’m here asking again hoping that meanwhile someone solved this problem.
Situation
I created a service account and enabled G Suite domain-wide delegation, following the google guide (https://developers.google.com/admin-sdk/directory/v1/guides/delegation), but I cannot read the calendars from my service account, if they are not explicitly shared.
I tested it with a “normal” user calendar:
- If I do not share the calendar, I get Error “Not Found”
- If I share the calendar with the service account (Calendar settings > Share with specific people > add the service account), I can read the events in this calendar from the service account
Here's the code:
<?php
require __DIR__ . '/vendor/autoload.php';
$client = new Google_Client();
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json');
$client->useApplicationDefaultCredentials();
$client->setApplicationName('TestCalendarAPI');
$client->authorize();
$scopes = implode(' ', array(Google_Service_Calendar::CALENDAR, Google_Service_Calendar::CALENDAR_EVENTS));
$client->setScopes($scopes);
$service = new Google_Service_Calendar($client);
$optParams = array(
'maxResults' => 10,
'orderBy' => 'startTime',
'singleEvents' => TRUE,
'timeMin' => date('c')
);
$results = $service->events->listEvents('user@email.com', $optParams);
$events = $results->getItems();
if (empty($events)) {
print "No upcoming events found.\n";
}
else {
foreach ($events as $event) {
printf("Summary: %s \n", $event->summary);
}
}
Questions
The problem is that I don't want to share every calendar with the service account to be able to read their events. Isn't this the aim of the domain-wide delegation?
Moreover, what I want to do is to read the events of a resource, and I'm not able to share the calendar of the resource with the service account. If there's no way to get the domain-wide delegation to work, do you know how to share the resources calendar with the service account?
Thank you in advance for any help!
Solution
This is the solution I adopted (hope that this could help someone!).
I impersonated a user that subscribed the rooms I'm interested in:
$client->setSubject('user@email.com');
and then read the room's calendar:
$results = $service->events->listEvents('room@email.com', $optParams);
This way, there's not even need to share the user's or the room's calendars with the service account!
回答1:
With the service account you need to impersonate a domain user in order to have access to the same data as that user, otherwise you'll only be able to make requests to accessible public data. You could impersonate each user in case you need the calendar for each one.
From the example of the Google API PHP library, you can use setSubject method when setting the client object:
$client->setSubject($user_to_impersonate);
来源:https://stackoverflow.com/questions/60706751/service-account-domain-wide-delegation-google-calendar-api-v3-on-php