我们正在尝试为服务器到服务器应用程序实施OAuth 2.0最后的动机是调用Google API来读取GSuite用户。
用于服务器到服务器应用程序的OAuth 2.0的Google文档是..-https://developers.google.com/identity/protocols/OAuth2ServiceAccount
用于读取GSuite用户列表的API-https://developers.google.com/admin-sdk/directory/v1/reference/groups/list
根据文档,我们可能使用“ Google API客户端库”或“ HTTP / REST”但是,我们的要求是使用HTTP / REST。
我们已成功完成以下步骤。
在上面的第3步之后,我们可以通过POSTMAN成功获得“访问令牌”。
邮递员获取access_token的请求成功,如下所示。
HTTP POST request :https://oauth2.googleapis.com/token
Body parameters:
grant_type:urn:ietf:params:oauth:grant-type:jwt-bearer
assertion:The JWT, including signature.
successful response :
{
"access_token": "ya29.c.EmmOB0vXrihl6nkZNr2gS1nKc4LypBlg3I1bZL2BUvPfZ53rs91fSA2TXR25TvtrZb551sdg1WwHnxg5VYWVC-SEveeypZebfwvhdGr9ECXCeuwAmfyV8TDUIN5nsqbZ7IxVyzgkew",
"expires_in": 3600,
"token_type": "Bearer"
}
但是在“调用Google API”时出现错误/异常
使用我们获得的具有access_token的API调用时出错。
1.Get Request via POSTMAN : Read all GSuite users
https://www.googleapis.com/admin/directory/v1/users/?customer=my_customer
Header:Bearer ya29.c.EmmOB0vXrihl6nkZNr2gS1nKc4LypBlg3I1bZL2BUvPfZ53rs91fSA2TXR25TvtrZb551s dg1WwHnxg5VYWCVC-SEveeypZebfwvhdGr9ECXCeuwAmfyV8TDUIN5nsqbZ7IxVyzgkewfZ0
error response :
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Service unavailable. Please try again"
}
],
"code": 503,
"message": "Service unavailable. Please try again"
}
}
2。通过POSTMAN获取请求:读取GSuite组
https://www.googleapis.com/admin/directory/v1/groups/?
customer=my_customer
Header : Bearer ya29.c.EmmOB0v-Xrihl6nkZNr2gS1nKc4LypBlg3I1bZL2BUvPfZ53rs91fSA2TXR25TvtrZb551sdg1WwHnxg5VYWCVC-SEveeypZebfwvhdGr9ECXCeuwAmfyV8TDUIN5nsqbZ7IxVyzgkewfZ0
error response :
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Domain not found."
}
],
"code": 404,
"message": "Domain not found."
}
}
似乎您不需要传递请求参数客户。尝试这样
https://www.googleapis.com/admin/directory/v1/groups/my_customer
关于此here的更多信息>
和https://www.googleapis.com/admin/directory/v1/users/my_customer
关于此here的更多信息>