failedPrecondition: 必须是G Suite域用户。在Ruby中使用服务帐户管理联系人。

huangapple go评论60阅读模式
英文:

failedPrecondition: Must be a G Suite domain user. Using service account to manage contacts in ruby

问题

我正在尝试使用Ruby脚本和Google API客户端来管理我的Google Workspace用户的联系人。以下是代码:

require 'google/apis/people_v1'
require 'googleauth'
require 'byebug'

# 设置授权
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('g_suite_service_account.json'),
  scope: scopes,
)

# 授权客户端
client = Google::Apis::PeopleV1::PeopleServiceService.new
client.authorization = credentials

# 获取联系人
response = client.list_person_directory_people(
  sources: 'DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT',
  read_mask: 'addresses,clientData,emailAddresses,names,phoneNumbers'
)

byebug
puts ''

这是我的操作步骤:

  1. 使用Google Workspace云控制台创建服务帐号。
  2. 将服务帐号分配给Google Workspace管理员作为域范围的委派。

我仍然收到以下错误信息:
failedPrecondition: 必须是G Suite域用户。 (Google::Apis::ClientError)

请问有谁可以帮忙指出我在哪里/做了什么遗漏的地方吗?谢谢!

英文:

I am trying to manage contacts on my google workplace user using service account using ruby script and google api client.

Below is the code

require 'google/apis/people_v1'
require 'googleauth'
require 'byebug'

# Set up authorization
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('g_suite_service_account.json'),
  scope: scopes,
)

# Authorize the client
client = Google::Apis::PeopleV1::PeopleServiceService.new
client.authorization = credentials

# Fetch contacts
response = client.list_person_directory_people(
  sources: 'DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT',
  read_mask: 'addresses,clientData,emailAddresses,names,phoneNumbers'
)

byebug
puts ''

Here's what I've done,

  1. Create service account using google workplace cloud console.
  2. Assign the service account to the google workplace admin as domain wide delegation.
    failedPrecondition: 必须是G Suite域用户。在Ruby中使用服务帐户管理联系人。

I'm still getting this error
failedPrecondition: Must be a G Suite domain user. (Google::Apis::ClientError)

Can anyone help point out where/what I am missing please. Thank you

答案1

得分: 1

在使用域委托时,您需要指定服务账号将模拟成该域中的哪个用户。在您当前代码版本中,API 调用是使用“服务账号”身份进行的,这导致了报告的错误。

您可以使用 .sub 方法来指定用户:

# 设置授权
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('g_suite_service_account.json'),
  scope: scopes,
)

credentials.sub = 'A_DOMAIN_USER@your_domain.com' 

通过这样做,Google 服务器中的 API 调用将使用被模拟用户的身份执行。


Google 的文档:

英文:

When using Domain wide delegation you'll need to specify which user in the domain the service account will impersonate. In the current version of your code the API call is being made using the service account identity which caused the reported error.

You can specify the user using the .sub method:

# Set up authorization
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('g_suite_service_account.json'),
  scope: scopes,
)

credentials.sub = 'A_DOMAIN_USER@your_domain.com' 

By doing this the API call in Google's servers will be performed using the impersonated user's identity.


Google's documentation:

huangapple
  • 本文由 发表于 2023年6月26日 11:27:39
  • 转载请务必保留本文链接:https://go.coder-hub.com/76553360.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定