Google Calendar API 服务帐户错误
我收到此错误
{ "error":
{ "errors":
[
{ "domain": "calendar", "reason": "forbiddenForServiceAccounts", "message": "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority." }
],
"code": 403,
"message": "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority."
}
}
已经关注了这个https://developers.google.com/admin-sdk/directory/v1/指南/委托
我正在使用这个库并在 laravel 5.7 上运行它:https://github.com/spatie/laravel-google-calendar
im using this library and im running it on laravel 5.7: https://github.com/spatie/laravel-google-calendar
有什么办法可以解决这个问题.请帮忙.
What could be the fix for this. Please help.
推荐答案
以下是完成此工作的步骤:
Here are the steps to follow to make this work:
在您的服务帐户中启用全域委派
1 - 为您的服务帐户提供日历范围
- 转到 https://admin.google.com/ 并使用 G Suite 帐户登录.莉>
- 转到安全 ->API 控制 ->全域委托
- 添加新 =>设置您的服务帐户的客户端 ID(只有数字的那个)
- 设置以下范围:https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/calendar.events,https://www.googleapis.com/auth/admin.directory.resource.calendar
- Go to https://admin.google.com/ and login with G Suite account.
- Go to Security -> API Controls -> Domain-wide Delegation
- Add new => Set the client ID of your service account (The one that's only numbers)
- Set the following scopes: https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/calendar.events,https://www.googleapis.com/auth/admin.directory.resource.calendar
2 - 您的用户需要具有 Service Account Token Creator 角色
- 转到https://console.cloud.google.com/iam-admin 然后
- 选择您的项目并转到左侧菜单中的 IAM.
- 选择您将用来模拟的帐户
- 点击编辑
- 添加角色服务帐户令牌创建者
- 根据 https://developers 为帐户启用域委托.google.com/admin-sdk/directory/v1/guides/delegation,部分要启用 G Suite 域范围的委派,请按照以下步骤操作.
- Go to https://console.cloud.google.com/iam-admin then
- Select your project and go to IAM in the left menu.
- Select the account that you will use to impersonate
- Click on edit
- Add role Service Account Token Creator
- Enable domain delegation for the account according to https://developers.google.com/admin-sdk/directory/v1/guides/delegation, section To enable G Suite domain-wide delegation, follow these steps.
3 - 在您要模拟的帐户中创建日历
服务帐户没有日历,因此您必须创建自己的日历
Service accounts don't have calendars so you have to create your own calendar
- 使用您想要拥有的电子邮件登录 https://calendar.google.com/日历(我使用了不同的帐户,与我要模拟的帐户不同,也许它可以使用模拟帐户中的日历)
- 创建日历
- 与有权修改和管理日历的服务帐户共享日历
- 与您要模拟的帐户共享日历,并有权修改和管理日历
- Login in https://calendar.google.com/ with the email that you want to own the calendar (I used a different account, not the same that I was going to impersonate, maybe it works using a calendar in the impersonated account)
- Create a calendar
- Share the calendar with the service account with permissions to modify and manage the calendar
- Share the calendar with the account you will impersonate with permissions to modify and manage the calendar
创建谷歌客户端
- 验证您的服务帐户.(我使用了 JSON 密钥,我不确定其他身份验证是否适用于此目的)
代码示例:(我使用的是 PHP,但我假设其他语言非常相似,因此您可以以此为指导)
Code sample: (I used PHP but I assume that other languages are very similar so you can use this as guideline)
请注意,使用某些电子邮件进行 IMPERSONALIZATION 至关重要.否则,将保留 403 错误,将其用于身份验证,有关详细信息,请参阅 Maksym Kalin 响应.
$google_client = new Google_Client();
$google_client->setAuthConfig($LOCATION_OF_JSON_KEY);
$google_client->setAccessType( 'offline' );
$google_client->setSubject('EmailToImpersonate@SomeAddress.com');
$google_client->setApplicationName("YourApplicationName");
$google_client->setScopes([Google_Service_Calendar::CALENDAR, Google_Service_Calendar::CALENDAR_EVENTS]);
与受邀者一起创建活动 :) 并享受!
注意: 通过这种方法,您可以创建活动并邀请人们加入.请记住 G Suite 的限制 https://support.google.com/a/answer/2905486 因此,如果您想创建许多事件,则需要有一个带有日历池的服务帐户池.
Note: With this approach you can create events and invite people to it. Keep in mind the limits of the G Suite https://support.google.com/a/answer/2905486 so if you want to create many events you will need to have a pool of service accounts with a pool of calendars.
相关文章