Directory Service API Authorization Erro
552 views
Skip to first unread message
Silvio Krynski Junior
Dec 12, 2013, 1:21:53 PM12/12/13
to google-api...@googlegroups.com
Hello Friends,
I'm having problem to use the Directory Service API. I'm developing a application to manage the user accounts of my business, but i can't connect the API. I'm using:
require_once 'tarefas2/src/Google_Client.php';
require_once 'tarefas2/src/contrib/Google_DirectoryService.php';
$key = file_get_contents('myprivatekey.p12');
$scopes = array('https://www.googleapis.com/auth/admin.directory.user', 'https://www.googleapis.com/auth/admin.directory.group');
$auth = new Google_AssertionCredentials('1059431133415-3r7020...@developer.gserviceaccount.com', $scopes, $key, 'notasecret', 'http://oauth.net/grant_type/jwt/1.0/bearer', '1059431133415-3r7020...@developer.gserviceaccount.com');
$client = new Google_Client();
$client->setApplicationName("googleapi");
$client->setUseObjects(true);
$client->setAssertionCredentials($auth);
$service = new Google_DirectoryService($client);
$results = $service->groups->listGroups(array('domain' => 'mydomain.gov.br'));
print '<h2>Response Result:</h2><pre>' . print_r($results, true) . '</pre>';
I activated the api on api console. I'm getting this error:
Fatal error: Uncaught exception 'Google_AuthException' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "access_denied", "error_description" : "Requested scopes not allowed: https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group" }'' in /var/www/html/xxxxxxx/front/tarefas2/src/auth/Google_OAuth2.php:288 Stack trace: #0 /var/www/html/xxxxxxx/front/tarefas2/src/auth/Google_OAuth2.php(265): Google_OAuth2->refreshTokenRequest(Array) #1 /var/www/html/xxxxxx/front/tarefas2/src/auth/Google_OAuth2.php(218): Google_OAuth2->refreshTokenWithAssertion() #2 /var/www/html/xxxxxx/front/tarefas2/src/service/Google_ServiceResource.php(167): Google_OAuth2->sign(Object(Google_HttpRequest)) #3 /var/www/htmlxxxxxxx/front/tarefas2/src/contrib/Google_DirectoryService.php(188): Google_ServiceResource->__call('list', Array) #4 /var/www/html/xxxxx/front/tarefas2.php(22): Google_GroupsServiceResource->listGroups(Array) #5 {main} thrown in /var/www/html/xxxxxxx/front/tarefas2/src/auth/Google_OAuth2.php on line 288
Anybody had the same problem?
Sorry my english
Eric Walker
Dec 12, 2013, 2:17:30 PM12/12/13
to google-api...@googlegroups.com
Hi,
Looks like you might need to provide the service account "1059431133415-3r7020...@developer.gserviceaccount.com" with domain-wide access to the following scopes in your application:
This is not done by default, and you will need to do this in the Google Admin console for the project and application you've set up. If my understanding of your issue is correct, the page you want looks like [1].
Regards,
Eric
--
You received this message because you are subscribed to the Google Groups "google-api-php-client" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-api-php-c...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Silvio Krynski Junior
Dec 12, 2013, 2:58:24 PM12/12/13
to google-api...@googlegroups.com
Hi Eric,
Can you specify in detail how to get this page on Google Api Console? I can't find...
Thanks a lot!
Eric Walker
Dec 12, 2013, 3:24:23 PM12/12/13
to google-api...@googlegroups.com
Hi,
There's two consoles -- the Google Admin for Google Apps, and there's the Google Cloud console. You want the Google Admin console for Google Apps (admin.google.com) and not the Cloud Console. When you've logged in, go to Security > Advanced Settings > Authentication > Manage third party OAuth client access. You should see a screen that looks like the one in the screenshot I sent.
Regards,
Eric
--
Reply all
Reply to author
Forward
0 new messages