Google Cloud Console显示在Python中客户端未经授权以检索访问令牌。

huangapple go评论85阅读模式
英文:

Google Cloud Console shows Client is unauthorized to retrieve access tokens using this method in python

问题

I saw so many question relating to this GCP issue, none of it helped. I have created service account and added to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.

code is below:

from google.oauth2 import service_account

SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.domain.readonly",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.insert",
    "https://www.googleapis.com/auth/gmail.settings.sharing",
]

SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
        SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)

def main():
    print("Getting the first 10 users in the domain")
    results = (
        service.users()
        .list(customer="customer_id", maxResults=10, orderBy="email")
        .execute()
    )
    users = results.get("users", [])
    print(users)
英文:

I saw so many question relating to this GCP issue, none of it helped. I have created service account and added to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.

code is below:

from google.oauth2 import service_account


SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.domain.readonly",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.insert",
    "https://www.googleapis.com/auth/gmail.settings.sharing",

]

SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
        SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)

def main():
    print("Getting the first 10 users in the domain")
    results = (
        service.users()
        .list(customer="customer_id", maxResults=10, orderBy="email")
        .execute()
    )
    users = results.get("users", [])
    print(users)


答案1

得分: 1

委托意味着冒充另一个身份。此行代码中身份credentials.with_subject('email')具备什么权限?该身份需要对相关的Google Workspace帐户拥有超级管理员访问权限。此外,用户必须至少登录一次并接受Google Workspace服务条款。

英文:

Delegation means impersonating another identity. What permissions does the identity in this line of code have credentials.with_subject('email')? The identity needs super administrator access to the relevant Google Workspace account.

Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.

huangapple
  • 本文由 发表于 2023年3月21日 01:38:38
  • 转载请务必保留本文链接:https://go.coder-hub.com/75793541.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定