英文:
failedPrecondition: Must be a G Suite domain user. Using service account to manage contacts in ruby
问题
我正在尝试使用Ruby脚本和Google API客户端来管理我的Google Workspace用户的联系人。以下是代码:
require 'google/apis/people_v1'
require 'googleauth'
require 'byebug'
# 设置授权
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open('g_suite_service_account.json'),
scope: scopes,
)
# 授权客户端
client = Google::Apis::PeopleV1::PeopleServiceService.new
client.authorization = credentials
# 获取联系人
response = client.list_person_directory_people(
sources: 'DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT',
read_mask: 'addresses,clientData,emailAddresses,names,phoneNumbers'
)
byebug
puts ''
这是我的操作步骤:
- 使用Google Workspace云控制台创建服务帐号。
- 将服务帐号分配给Google Workspace管理员作为域范围的委派。
我仍然收到以下错误信息:
failedPrecondition: 必须是G Suite域用户。 (Google::Apis::ClientError)
请问有谁可以帮忙指出我在哪里/做了什么遗漏的地方吗?谢谢!
英文:
I am trying to manage contacts on my google workplace user using service account using ruby script and google api client.
Below is the code
require 'google/apis/people_v1'
require 'googleauth'
require 'byebug'
# Set up authorization
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open('g_suite_service_account.json'),
scope: scopes,
)
# Authorize the client
client = Google::Apis::PeopleV1::PeopleServiceService.new
client.authorization = credentials
# Fetch contacts
response = client.list_person_directory_people(
sources: 'DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT',
read_mask: 'addresses,clientData,emailAddresses,names,phoneNumbers'
)
byebug
puts ''
Here's what I've done,
- Create service account using google workplace cloud console.
- Assign the service account to the google workplace admin as domain wide delegation.
I'm still getting this error
failedPrecondition: Must be a G Suite domain user. (Google::Apis::ClientError)
Can anyone help point out where/what I am missing please. Thank you
答案1
得分: 1
在使用域委托时,您需要指定服务账号将模拟成该域中的哪个用户。在您当前代码版本中,API 调用是使用“服务账号”身份进行的,这导致了报告的错误。
您可以使用 .sub 方法来指定用户:
# 设置授权
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open('g_suite_service_account.json'),
scope: scopes,
)
credentials.sub = 'A_DOMAIN_USER@your_domain.com'
通过这样做,Google 服务器中的 API 调用将使用被模拟用户的身份执行。
Google 的文档:
-
服务器到服务器应用程序 - 准备进行授权的 API 调用
英文:
When using Domain wide delegation you'll need to specify which user in the domain the service account will impersonate. In the current version of your code the API call is being made using the service account identity which caused the reported error.
You can specify the user using the .sub method:
# Set up authorization
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open('g_suite_service_account.json'),
scope: scopes,
)
credentials.sub = 'A_DOMAIN_USER@your_domain.com'
By doing this the API call in Google's servers will be performed using the impersonated user's identity.
Google's documentation:
-
Server to server Applications - Preparing to make an authorized API call
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论