Admin-sdk与市场不兼容。

huangapple go评论159阅读模式
英文:

Admin-sdk with marketplace does not work

问题

我正在尝试使用admin-sdk构建一个市场应用程序。

阅读文档,似乎两腿身份验证是市场应用程序的唯一选择。

我想要检查当前用户是否是管理员,所以我想使用以下链接:

https://www.googleapis.com/admin/directory/v1/users/(useremail)?xoauth_requestor_id=(admin-email)

我尝试让两者相同,都是管理员的身份。

授权头部也是如下所示。

OAuth realm="", oauth_signature_method="HMAC-SHA1", 
oauth_version="1.0", oauth_consumer_key="<来自市场的密钥>",
oauth_nonce="4473365854789985180", oauth_timestamp="1380453874",
scope="https://www.googleapis.com/auth/admin.directory.user", 
oauth_signature="yEcbWIp5f1nNFaUI8vSxn1NYlzw="

当向该URL发出请求时,我收到错误消息。

"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"

我寻找了一些API来解决这个问题,但没有找到适用于带有admin-sdk的两腿身份验证的API。有人可以帮我解决这个问题吗?

另外,是否可以使用服务账号来实现这样的功能?

最后,我还想最终在golang中使用admin-sdk。

英文:

I was trying to build a market place application with admin-sdk.

Reading the docs, it looks like two legged authentication is the only way to go as far as market place apps are concerned.

Wanted to check if the current user is an admin so for that, I wanted to use

https://www.googleapis.com/admin/directory/v1/users/(useremail)?xoauth_requestor_id=(admin-email)

I was trying both to be the same and to be that of the admin

The Authorization header is also as follows.

OAuth realm="", oauth_signature_method="HMAC-SHA1", 
oauth_version="1.0", oauth_consumer_key="<key from market place>",
oauth_nonce="4473365854789985180", oauth_timestamp="1380453874",
scope="https://www.googleapis.com/auth/admin.directory.user", 
oauth_signature="yEcbWIp5f1nNFaUI8vSxn1NYlzw="

When this request is made to the url I am getting error saying.

"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"

I looked for apis to get it done but could not find for two legged with admin-sdk. Could someone please help me tackle the problem ?

Also can such a feature be done by using service accounts ?

I also wanted to, in the end have the admin-sdk to be used golang in the end.

答案1

得分: 2

市场仍在使用OAuth 1.0。所以我认为你不能真正使用服务帐号,因为它实际上是为OAuth 2.0设计的。

你查看了这两个文档吗?
https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth
https://developers.google.com/gdata/docs/auth/oauth#2LeggedOAuth

无论如何,你需要确保使用的clientID和client secret已启用Admin SDK,并且是从API控制台生成的。此外,你是否还在管理控制台的管理第三方OAuth中启用了具有Admin SDK范围的clientID?

我能够顺利进行以下调用:

https://www.googleapis.com/admin/directory/v1/users/user@domain.com?xoauth_requestor_id=admin@domain.com&key=APIkey_from_API_console

英文:

Marketplace still uses OAuth 1.0. So I don't think you can really use service account as it is really for OAuth 2.0.

Have you checked out these two documents?
https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth
https://developers.google.com/gdata/docs/auth/oauth#2LeggedOAuth

Anyway, you want to make sure you are using the clientID and client secret that has Admin SDK enabled you generated from API console. Additionally, have you also had the clientID enabled with the Admin SDK scope in Manage Third Party OAuth in Admin console?

I was able to make the following call with no problems:

https://www.googleapis.com/admin/directory/v1/users/user@domain.com?xoauth_requestor_id=admin@domain.com&key=APIkey_from_API_console

huangapple
  • 本文由 发表于 2013年9月29日 19:41:13
  • 转载请务必保留本文链接:https://go.coder-hub.com/19077645.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定