当访问Google API admin/directory时,如何修复400错误?

huangapple go评论128阅读模式
英文:

How can I fix a 400 error when accessing Google API admin/directory in Go?

问题

当我使用Go访问Google API admin/directory时,出现了400错误。

我有一个项目,所有用户都有一个由G-Suit集中管理的Google帐户。现在我需要在我的后端中拥有所有G-Suit用户,这样即使他们从未登录到我的工具,也可以搜索用户。因此,我认为最好的方法是通过服务帐户将后端与Google连接起来,从其API中加载用户。

为了进行身份验证,我从Google Cloud控制台为服务帐户生成了一对密钥(具有测试的所有者权限),将其保存为JSON并传递给应用程序。之后,我使用返回的服务来启动API调用,该调用应返回用户,但不幸的是,它只返回400错误。

我已经尝试过缩小问题的范围,就我从调试器中看到的情况而言,标头中缺少了一个Bearer令牌,除此之外我没有看到其他异常情况,所以我认为这是一个身份验证问题,但也可能是完全不同的问题。

这是我的代码:

import (
	"context"
	admin "google.golang.org/api/admin/directory/v1"
	"google.golang.org/api/option"
	"log"
)

func Test() error {

	ctx := context.Background()
	adminService, err := admin.NewService(ctx, option.WithCredentialsFile("./client-secret.json"))

	if err != nil {
		return err
	}

	res, err := adminService.Users.List().Customer("my_customer").Projection("full").MaxResults(500).Do()
	if err != nil {
		return err
	}

	log.Printf("Result: %v\n", res)

	for _, u := range res.Users {
		println(u.PrimaryEmail)
	}

	return nil
}

这是生成的日志消息:googleapi: Error 400: Invalid Input, invalid

我正在尝试从Google API加载组织中的所有用户,但每次尝试时都会收到400错误,我不太明白为什么会出现这种情况,因为我使用的是Go的Google API库。

英文:

I get a 400 error when accessing the Google API admin/directory in Go

I have a project where all users have a Google account which is centrally managed via G-Suit. Now I need to have all G-Suit users available in my backend, so that it is possible to search for users even if they never log in to my tool. Therefore I thought it is best that the backend is connected to Google via a service account to load the users from their API.

For the authentication I generated a key-pair from the google cloud console for a service account (with owner rights for testing), saved it as json and passed it to the application. After that, I used the returned service to start the API call that was supposed to return the users, unfortunately it only ever returns a 400 error.

I've already tried to narrow down the problem a bit, and as far as I've seen from the debugger, there's a bearer token missing from the header, otherwise I haven't seen anything else out of the ordinary, so I'm assuming it's an authentication problem, but it could also be a different problem altogether.

Here is my code:

import (
	"context"
	admin "google.golang.org/api/admin/directory/v1"
	"google.golang.org/api/option"
	"log"
)

func Test() error {

	ctx := context.Background()
	adminService, err := admin.NewService(ctx, option.WithCredentialsFile("./client-secret.json"))

	if err != nil {
		return err
	}

	res, err := adminService.Users.List().Customer("my_customer").Projection("full").MaxResults(500).Do()
	if err != nil {
		return err
	}

	log.Printf("Result: %v\n", res)

	for _, u := range res.Users {
		println(u.PrimaryEmail)
	}

	return nil
}

This is the resulting log message googleapi: Error 400: Invalid Input, invalid

I am trying to load from the Google API all the users in my organisation, unfortunately I get a 400 error every time I try, which I don't quite understand why as I use the Google API library for go.

答案1

得分: 1

建议

注意:这仅供您的项目作为起点或参考。重要的是要注意,社区成员不提供编码服务。

我不是Golang的专家,但是在大多数编程语言中,使用Google API与服务帐号的概念是相似的。在使用Google API与服务帐号时,请按照以下步骤进行操作:

  1. 为您的服务帐号设置域委派
  2. 在配置凭据时,使用subject参数来指定您的服务帐号应扮演的超级管理员电子邮件地址。这确保了服务帐号具有执行所需操作的必要权限。您可以参考这个相关的Golang参考文档了解有关配置subject参数的更多信息。

这里有一个演示:

在我的测试中,我使用Python测试了Admin SDK API,遇到了一个400错误

解决方法是,确保正确设置了域委派,并在创建服务帐号凭据时指定了subject参数。在这样做之后,我能够无问题地使用Admin SDK API

希望这能帮助您在当前项目中取得进展。

英文:

SUGGESTION

>NOTE: This is intended to serve as a starting point or reference for your project. It's important to note that the community members do not provide coding services.

I'm not an expert in Golang, but the concept of using Google APIs with service accounts is similar across most programming languages. Here are some steps to follow when using a Google API with a service account:

  1. Set up Domain-Wide Delegation for your service account.
  2. Use the subject parameter when configuring your credential to specify the Super Admin email address that your service account should impersonate. This ensures that the service account has the necessary permissions to perform the required actions. You can refer to this related Golang reference more information on configuring the subject parameter & more.

Here's a demonstration:

On my end, I tested the Admin SDK API using Python, and I encountered a 400 error:

> 当访问Google API admin/directory时,如何修复400错误?

To resolve it, I made sure to properly set up Domain-Wide Delegation and specify the subject parameter when creating the service account credentials. After doing this, I was able to use the Admin SDK API without any issues:

> 当访问Google API admin/directory时,如何修复400错误?

I hope this will help you make progress with your current project.

huangapple
  • 本文由 发表于 2023年5月29日 23:54:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/76358734.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定