Fehler Authentifizierung mit Google Directory-API von C#

Question

Ich versuche, die Google Apps Directory API aufrufen, so dass ich Benutzer zu meiner Organisation Google Apps-Konto auflisten

Ich habe stundenlang durch ihre Dokumentation abgekocht und in der Lage gewesen um den Code unten zu finden. Ich erhalte jedoch den folgenden Fehler. Invalid Credentials [401] Ich vermute, dass es mit der Art, wie ich die ServiceAccountCredential

[STAThread] 
    static void Main(string[] args) 
    { 
     Console.WriteLine("Google Directory Service API"); 
     Console.WriteLine("================================"); 
     try 
     { 
      new Program().Run().Wait(); 
     } 
     catch (AggregateException ex) 
     { 
      foreach (var e in ex.InnerExceptions) 
      { 
       Console.WriteLine("ERROR: " + e.Message); 
      } 
     } 
     Console.WriteLine("Press any key to continue..."); 
     Console.ReadKey(); 
    } 

    private async Task Run() 
    { 
     using (var stream = new FileStream("../../client-secrets.json", FileMode.Open, FileAccess.Read)) 
     using (var reader = new StreamReader(stream)) 
     { 
      JObject clientJObject = JObject.Parse(reader.ReadToEnd()); 

      var secrets = new ClientSecrets 
      { 
       ClientId = clientJObject.GetValue("client_id").ToString(), 
       ClientSecret = clientJObject.GetValue("private_key").ToString() 
      }; 

      var tokenUrl = clientJObject.GetValue("token_uri").ToString(); 

      var credential = new ServiceAccountCredential(new ServiceAccountCredential.Initializer(secrets.ClientId, tokenUrl).FromPrivateKey(secrets.ClientSecret)); 

      var initializer = new BaseClientService.Initializer() 
      { 
       HttpClientInitializer = credential, 
       ApplicationName = "My Directory Listing App", 
      }; 

      var service = new DirectoryService(initializer); 

      var users = await service.Users.List().ExecuteAsync(); 
      users.UsersValue.ToList().ForEach(u => 
      { 
       Console.WriteLine(u.PrimaryEmail); 
      }); 
     } 
    } 

ist meine Secrets.Json Datei ein bisschen wie folgt aufgebaut zu tun hat. Ich entfernte die Mehrheit des privaten Schlüssels Teil

{ 
    "type": "service_account", 
    "project_id": "service.account", 
    "private_key_id": "fd6f98b603dd5a065c87a8d34a4e428cf6277a35", 
    "private_key": "-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----\n", 
    "client_email": "service.account@appspot.gserviceaccount.com", 
    "client_id": "102588765356663060837", 
    "auth_uri": "https://accounts.google.com/o/oauth2/auth", 
    "token_uri": "https://accounts.google.com/o/oauth2/token", 
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service.account%40appspot.gserviceaccount.com" 
} 

Answer 1

Verwaltung

Schritt 1: Loggen Sie sich in der Admin-Konsole

Schritt 2: Stellen Sie sicher, API-Zugriff Security > Api Reference > Enable API Access aktiviert ist

Schritt 3: Aktivieren Google Apps Domain-Wide Delegation

• Gehen Sie zu der Dev Console
• Wählen Sie die API-Projekt
• Dann auf Credentials > Manage Service Accounts > "Edit Service Account" > Enable Google Apps Domain-wide Delegation
• "Go Back" > "View ClientID"
• Kopieren Sie die Client-ID, wie Sie benötigen werde, dass

Schritt 4: Register-API-Client und Scopes Security > Advanced Settings > Manage API client access

• Geben Sie die Client-ID und eine durch Kommas getrennte Liste der Bereiche ein (z. B. https://www.googleapis.com/auth/admin.directory.user)
• Dann Authorize

Schritt 5: Erstellen Dienstkonto Private Key

• Create Credentials > Service Account Key > "Select Service Account" > P12 "For backward compatibility with code using the P12 format" > Close
• Dies wird automatisch der Schlüsselcode auf Ihr System herunterladen. Speichern Sie diese Taste, da es sehr wichtig ist,

Der Kodex

Zuerst müssen Sie die folgenden Pakete installieren

install-package Google.Apis.Admin.Directory.directory_v1 
install-package Newtonsoft.Json 

Und schließlich der Code unter

using Google.Apis.Auth.OAuth2; 
using Google.Apis.Services; 
using System; 
using System.Linq; 
using Google.Apis.Admin.Directory.directory_v1; 
using System.Security.Cryptography.X509Certificates; 

namespace GoogleApis 
{ 

    /// <summary> 
    /// This sample demonstrates the simplest use case for a Service Account service. 
    /// The certificate needs to be downloaded from the Google Developers Console 
    /// <see cref="https://console.developers.google.com/"> 
    /// "Create another client ID..." -> "Service Account" -> Download the certificate, 
    /// rename it as "key.p12" and add it to the project. Don't forget to change the Build action 
    /// to "Content" and the Copy to Output Directory to "Copy if newer". 
    /// </summary> 
    public class Program 
    { 
     public static void Main(string[] args) 
     { 
      //Service account Email 
      //NOTE: This is the account for the Service Client 
      string serviceAccountEmail = "service.account@appspot.gserviceaccount.com"; 

      //Path to Downloaded Key 
      var path = @"Path\To\key.p12"; 

      //Generate a Certificate using the Key downloaded from the Api Console 
      var certificate = new X509Certificate2(path, "notasecret", X509KeyStorageFlags.Exportable); 

      //Create the Credential 
      ServiceAccountCredential serviceCredential = new ServiceAccountCredential(
       new ServiceAccountCredential.Initializer(serviceAccountEmail) 
       { 
        //Define the Scopes You want the credential to Access 
        Scopes = new[] 
        { 
         DirectoryService.Scope.AdminDirectoryUser, 
        }, 
        //Specify the User that this service Credential is Impersonating. Typically your Google Apps Admin Account 
        User = "admin@domain.com" 
       }.FromCertificate(certificate)); 

      //Instantiate the Service (Could be any of the Google Api Services) 
      var service = new DirectoryService(new BaseClientService.Initializer() 
      { 
       HttpClientInitializer = serviceCredential, 
      }); 

      // Define parameters of request. 
      UsersResource.ListRequest request = service.Users.List(); 
      //Set the Domain of the Request 
      request.Domain = "domain.com"; 

      // List users. 
      var users = request.Execute().UsersValue; 
      users.Select(u => u.PrimaryEmail).ToList().ForEach(Console.WriteLine); 
      Console.ReadKey(); 
     } 
    } 
}