时间戳

首页 > 解决方案 > 使用 PHP 为我们的客户创建管理员用户的 Gsuite 经销商 API

google-api - 使用 PHP 为我们的客户创建管理员用户的 Gsuite 经销商 API

问题描述

我正在使用 google API 客户端服务来执行所有 GSuite API,例如客户创建、客户订阅和客户管理员用户创建。

因此,使用 API 我可以创建客户、订阅和列出客户的用户。但只有我不能做的事情,即客户管理员用户创建。

似乎这需要一些范围“ https://www.googleapis.com/auth/admin.directory.user ”。

但是经过多次尝试,我启用了范围“ https://www.googleapis.com/auth/admin.directory.user.readonly ”。但我不记得它是如何被我启用的,只有我记得当我尝试使用 API 控制台时,我选择了所有目录 API 进行授权,即使这也是“ https://www.googleapis.com/auth/admin .directory.user ”。

所以现在的问题是使用 API 创建管理员用户。我收到错误“权限不足:请求的身份验证范围不足”。

我仅通过引用以下 URL 来完成所有这些工作。

https://developers.google.com/admin-sdk/reseller/v1/quickstart/php https://developers.google.com/admin-sdk/directory/v1/quickstart/php

因此,请帮助我授予访问“ https://www.googleapis.com/auth/admin.directory.user ”的权限,以便为我的应用程序创建管理员用户。

我已经使用下面的脚本来做到这一点。

<?php
require __DIR__ . '/vendor/autoload.php';
if (php_sapi_name() != 'cli') {
    throw new Exception('This application must be run on the command line.');
}

function getClient()
{
    $OAUTH2_SCOPES = [
        Google_Service_Reseller::APPS_ORDER,
        Google_Service_SiteVerification::SITEVERIFICATION,
        Google_Service_Directory::ADMIN_DIRECTORY_USER,
    ];

    $client = new Google_Client();
    $client->setApplicationName('G Suite Reseller API PHP Quickstart');
    $client->setScopes(Google_Service_Reseller::APPS_ORDER);
    $client->setAuthConfig('credentials.json');
    $client->setAccessType('offline');
    $client->setPrompt('select_account consent');

    $tokenPath = 'token.json';
    if (file_exists($tokenPath)) {
        $accessToken = json_decode(file_get_contents($tokenPath), true);
        $client->setAccessToken($accessToken);
    }


    if ($client->isAccessTokenExpired()) {
            if ($client->getRefreshToken()) {
            $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
        } else {
                $authUrl = $client->createAuthUrl();
            printf("Open the following link in your browser:\n%s\n", $authUrl);
            print 'Enter verification code: ';
            $authCode = trim(fgets(STDIN));


            $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
            $client->setAccessToken($accessToken);


            if (array_key_exists('error', $accessToken)) {
                throw new Exception(join(', ', $accessToken));
            }
        }

        if (!file_exists(dirname($tokenPath))) {
            mkdir(dirname($tokenPath), 0700, true);
        }
        file_put_contents($tokenPath, json_encode($client->getAccessToken()));
    }
    return $client;
}

$client = getClient();
$user = new Google_Service_Directory_User($client);
$service = new Google_Service_Directory($client);
$names = new Google_Service_Directory_UserName($client);

    $customerId = $cusomter_id;
    $email_id = $admin_email_id;
    $fname = $fname;
    $lname = $lname;
    $kind = "admin#directory#user";
    $user->setKind($kind);
    $user->setChangePasswordAtNextLogin(true);
    $user->setprimaryEmail($email_id);
    $user->setCustomerId($customerId);
    $user->setIsAdmin(true);

    $names->setFamilyName($fname);
    $names->setFullName($fname);

    $user->setName($names);
    $user->setPassword($password);
    $setEmails = array("address"=>$email_id, "type"=>"work", "primary"=>true,"isAdmin"=>true);
    $user->setEmails($setEmails);
    $results = $service->users->insert($user);
    print_r($results);
?>

响应错误

PHP Fatal error:  Uncaught exception 'Google_Service_Exception' with message '{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "insufficientPermissions",
    "message": "Insufficient Permission: Request had insufficient authentication scopes."
   }
  ],
  "code": 403,
  "message": "Insufficient Permission: Request had insufficient authentication scopes."
 }
}
' in google-gsuite-api/google-api-php-client-2.2.3/src/Google/Http/REST.php:118
Stack trace:
#0 google-gsuite-api/google-api-php-client-2.2.3/src/Google/Http/REST.php(94): Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#1 [internal function]: Google_Http_REST::doExecute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#2 google-gsuite-api/google-api-php-client-2.2.3/src/Google/Task/Runner.php(176): call_user_func_ in google-gsuite-api/google-api-php-client-2.2.3/src/Google/Http/REST.php on line 118

标签: google-apigoogle-api-php-clientgoogle-api-clientgoogle-admin-sdkgoogle-workspace

解决方案

推荐阅读