1

I've spent the past couple of days trying to access Google's Directory API in Ruby but haven't been able to get it working. According to this document the Directory API can be authorized using 2lo:

If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key. You can find your application's API key in the Google APIs Console, in the Simple API Access section of the API Access pane.

I currently have working code that can access the Provisioning API using 2lo. From the documentation it sounds that I can use this same code to access the Directory API by just adding an API access key parameter to the request and enabling a few permissions. However, it's not working and I have no idea why.

Here is the request code:

def self.get_user2(email)
  @client = Google::APIClient.new(:authorization => :two_legged_oauth_1)
  @client.authorization.client_credential_key = GOOGLE_APP_KEY
  @client.authorization.client_credential_secret = GOOGLE_APP_SECRET
  @directory = @client.discovered_api('admin', 'directory_v1')
  result = @client.execute(
    @directory.users.get, 
    'userKey' => email,
    :key => GOOGLE_API_KEY
  )
  JSON.parse(result.body)
end

This gets me the response:

{
  "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "authError",
    "message": "Invalid Credentials",
    "locationType": "header",
    "location": "Authorization"
   }
  ],
  "code": 401,
  "message": "Invalid Credentials"
 }
}

I've added the required scope to my manifest file,

<Scope id="usersAPI">
  <Url>https://www.googleapis.com/auth/admin.directory.user.readonly</Url>
  <Reason>See all users in your company.</Reason>
</Scope>

and also enabled the Admin SDK for my project in the API console.

Here is the log output after adding Faraday.default_connection.response :logger to my development.rb file:

get https://www.googleapis.com/admin/directory/v1/users/brian@crushing.mygbiz.com?key=AIzaSyAHYBWlC_qiihRtTKTZleZlAw2ts8Q1WO8
User-Agent: "google-api-ruby-client/0.6.4 Mac OS X/10.8.4"
Authorization: "OAuth oauth_consumer_key=\"76548528623.apps.googleusercontent.com\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1375899810\", oauth_nonce=\"de4d976eed6883a06b3f6084e3dd0db4\", oauth_version=\"1.0\", oauth_signature=\"3D7aqhBeaCYOYyaF8bWpaM9MA8U%3D\""
Cache-Control: "no-store"
Content-Type: "application/x-www-form-urlencoded"
401
www-authenticate: "AuthSub realm=\"https://www.google.com/accounts/AuthSubRequest\""
content-type: "application/json; charset=UTF-8"
date: "Wed, 07 Aug 2013 18:23:30 GMT"
expires: "Wed, 07 Aug 2013 18:23:30 GMT"
cache-control: "private, max-age=0"
x-content-type-options: "nosniff"
x-frame-options: "SAMEORIGIN"
x-xss-protection: "1; mode=block"
server: "GSE"
connection: "close"

After searching the internet for the past day I am out of ideas for why this isn't working. Ideas anyone?

oldmanwiggins
  • 228
  • 2
  • 8
  • What shows if you debug the connection?http://stackoverflow.com/questions/13900195/how-do-i-debug-http-of-google-api-client – Jay Lee Aug 07 '13 at 02:31
  • @JayLee I changed the request code to use the Google::APIClient. Still getting the same error response. I added the Faraday logs as you suggested. Any ideas? – oldmanwiggins Aug 07 '13 at 18:53

1 Answers1

1

It turns out I was missing the 'xoauth_requestor_id' field. Thanks to sqrrrl for answering my question on github

oldmanwiggins
  • 228
  • 2
  • 8
  • i just switched to oauth2 and i'm unable to use the directory api except i have access token gotten from an administrator of the domain. appears to be your same problem. I am using the php library. kindly shed more light on what you did. @oldmanwiggins – yomexzo Mar 04 '14 at 16:59