当前位置: 动力学知识库 > 问答 > 编程问答 >

node.js - users.list returns 403 Error: Not Authorized to access this resource/api

问题描述:

I am trying to retrieve a list of users using the node.js googleapis library and a service account.

I followed this guide to 'Perform Google Apps Domain-Wide Delegation of Authority'. There are examples for Java and Python, but unfortunately not for node.js, which seems to work rather differently.

I tried following the quickstart and completed the first two steps, but then it uses a manual OAuth flow instead of a service account.

So I tried to follow the example here to authorize using a service account. That all seems to work until I send the request, then I get an error: Error: Not Authorized to access this resource/api with code: 403.

Here's my code:

var google = require('googleapis'),

GoogleAuth = require('google-auth-library'),

authFactory = new GoogleAuth(),

admin = google.admin('directory_v1')

authFactory.getApplicationDefault(function (err, authClient) {

console.log('GOT APPLICATION DEFAULT', authClient)

if (err) {

console.log('Authentication failed because of ', err);

return;

}

if (authClient.createScopedRequired && authClient.createScopedRequired()) {

console.log('SCOPE REQUIRED')

var scopes = ['https://www.googleapis.com/auth/admin.directory.user'];

authClient = authClient.createScoped(scopes);

}

var request = {

auth: authClient,

domain: 'mydomain.com'

};

console.log('request:', request)

admin.users.list(request, function (err, result) {

if (err) {

console.log('admin.users.list error', err);

} else {

console.log(result);

}

});

});

What have I missed please?

网友答案:

After several hours of experimenting I came to the conclusion that this particular API cannot be accessed with a service account. Although it is not explicitly stated in the docs anywhere that I could find, the quickstart seems to overcome this limitation by using an OAuth process and then storing in a file the tokens required to authorize future requests. If I'm wrong please add a better answer!

My solution is to use the quickstart project to generate those tokens and then add the credentials and tokens from the quickstart to my project and use them whenever my server starts, something like:

let tokens = require('./credentials/tokens.json'),
    credentials = require('./credentials/oauth_credentials.json'),
    clientSecret = credentials.installed.client_secret, 
    clientId = credentials.installed.client_id,
    redirectUrl = credentials.installed.redirect_uris[0],
    google = require('googleapis'),
    GoogleAuth = require('google-auth-library'),
    authFactory = new GoogleAuth(),
    admin = google.admin('directory_v1'),
    oauth2Client = new authFactory.OAuth2(clientId, clientSecret, redirectUrl);
    oauth2Client.credentials = tokens;
    let request = {
      auth: oauth2Client,
      domain: 'coachaxis.com'
    };
    console.log('request:', request)
    admin.users.list(request, function (err, result) {
      if (err) {
        console.log('admin.users.list error', err);
      } else {
        console.log(result);
      }
    });

It's not elegant but it works.

分享给朋友:
您可能感兴趣的文章:
随机阅读: