分享程序员开发的那些事...
更新时间:2023-12-04 15:38:13
似乎代码没有问题。它实际上工作。
问题在于我们的Google Apps设置。
当您访问管理此域的OAuth密钥和机密页面( https://www.google.com/a/cpanel/YOUR-DOMAIN/SetupOAuth ),
并启用双方OAuth访问控制并选择
允许访问所有API,但它实际上并不允许访问所有API。
如果您在
( https://www.google.com/a/cpanel/YOUR-DOMAIN/ManageOauthClients ),
您会看到有例如:
YOR-DOMAIN / CONSUMER-KEY此客户端可以访问所有API
code>
看来这不包括Provisioning API。
只有在我们明确添加了Provisioning API后,代码才开始工作。
因此,要启用Provisioning API,您还应该在列表中包含以下内容:
YOR-DOMAIN / CONSUMER-KEY群组配置(只读)https://apps-apis.google.com/a/feeds/group/#readonly
用户配置(只读)https://apps-apis.google。 com / a / feeds / user /#readonly
其他人也有同样的问题:
http ://www.gnegg.ch/2010/06/google-apps-provisioning-two-legged-oauth/
Does anyone know how to use 2-legged OAuth with google-api-java-client? I'm trying to access the Google Apps Provisioning API to get the list of users for a particular domain.
The following does not work
HttpTransport transport = GoogleTransport.create();
GoogleHeaders headers = (GoogleHeaders) transport.defaultHeaders;
headers.setApplicationName(APPLICATION_NAME);
headers.gdataVersion = GDATA_VERSION;
OAuthHmacSigner signer = new OAuthHmacSigner();
signer.clientSharedSecret = CONSUMER_SECRET;
OAuthParameters oauthParameters = new OAuthParameters();
oauthParameters.version = OAUTH_VERSION;
oauthParameters.consumerKey = CONSUMER_KEY;
oauthParameters.signer = signer;
oauthParameters.signRequestsUsingAuthorizationHeader(transport);
I get the "com.google.api.client.http.HttpResponseException: 401 Unknown authorization header". The header looks something like this
OAuth oauth_consumer_key="...", oauth_nonce="...", oauth_signature="...", oauth_signature_method="HMAC-SHA1", oauth_timestamp="...", oauth_version="1.0"
I also tried following without success
GoogleOAuthDomainWideDelegation delegation = new GoogleOAuthDomainWideDelegation();
delegation.requestorId = REQUESTOR_ID;
delegation.signRequests(transport, oauthParameters);
Any ideas? Thanks in advance.
It seems that there was nothing wrong with the code. It actually works. The problem was with the our Google Apps setup.
When you visit the "Manage OAuth key and secret for this domain" page (https://www.google.com/a/cpanel/YOUR-DOMAIN/SetupOAuth), and enable "Two-legged OAuth access control" and select "Allow access to all APIs", it doesn't actually allow access to all APIs.
If you visit the "Manage API client access" page after that (https://www.google.com/a/cpanel/YOUR-DOMAIN/ManageOauthClients), you'll see that there is an entry like:
YOR-DOMAIN/CONSUMER-KEY "This client has access to all APIs"
It seems that this doesn't include Provisioning API. Only after we explicitly added the Provisioning API, the code started to work. So to enable Provisioning API, you should also have something like the following entry in your list:
YOR-DOMAIN/CONSUMER-KEY Groups Provisioning (Read only) https://apps-apis.google.com/a/feeds/group/#readonly
User Provisioning (Read only) https://apps-apis.google.com/a/feeds/user/#readonly
Somone else had the same problem:
http://www.gnegg.ch/2010/06/google-apps-provisioning-two-legged-oauth/
Sasa