Python 服务帐户、web OAuth和目录API
我对目录API+服务帐户(Google API)有问题。这是我当前的设置:Python 服务帐户、web OAuth和目录API,python,api,oauth,google-oauth,Python,Api,Oauth,Google Oauth,我对目录API+服务帐户(Google API)有问题。这是我当前的设置: 网页具有如下OAuth2登录链接:https://accounts.google.com/o/oauth2/auth?access_type=offline&state=%2Fprofile&redirect_uri=##REDIR##&response_type=code&client_id=##CLIENTID##&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuse
https://accounts.google.com/o/oauth2/auth?access_type=offline&state=%2Fprofile&redirect_uri=##REDIR##&response_type=code&client_id=##CLIENTID##&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.user.readonly
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
import httplib2
CLIENT_ID = "xzxzxzxzxzxz.apps.googleusercontent.com"
APP_EMAIL = "xzxzxzxzxzxz@developer.gserviceaccount.com"
SCOPES = ('https://www.googleapis.com/auth/admin.directory.user.readonly')
f = file('key.p12', 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(APP_EMAIL, key, SCOPES, sub="user@example.com")
http = httplib2.Http()
http = credentials.authorize(http)
directory_service = build('admin', 'directory_v1', http=http)
users = directory_service.users().list(domain="example.com").execute()
print users
我还尝试设置sub=”user@example.com“
发送给应用程序所有者,如下所示sub=”appowner@company.com“
,但无效
我尝试过的另一件事是根本不使用模拟(即删除sub=xx部分),这导致我出现以下错误:
apiclient.errors.HttpError:https://www.googleapis.com/admin/directory/v1/users?domain=example.com&alt=json 返回“未授权访问此资源/api”>
使用模拟总是会产生这样的效果。我已经验证了它与我尝试调用的作用域和api有关:
oauth2client.client.AccessTokenRefreshError:访问被拒绝
现在,实际问题是: