0

I have been searching and trying many different solutions to this error that I have found not only this site but others as well.

Currently I am trying to just get a list of users or a specific user details based on parameters set. In the long run I would like to create and modify users and groups.

I have images but am new to posting to this site and I am unable to publish them here. I can confirm the following:

  • I have enabled API for the domain
  • api_studentportal(at)domain.com is a super admin
  • The Admin SDK is enabled under the developers console
  • Under 'Manage API client access' I have added '474470900273-asrfjsg0m0ucsfadeit456sg518l1bqa.apps.googleusercontent.com' to 'admin.directory.group' and 'admin.directory.user'

My Code:

date_default_timezone_set('America/Los_Angeles');
session_start();
set_include_path(get_include_path() . PATH_SEPARATOR . 'google/composer/src');
require 'composer/vendor/autoload.php';
$keychain = json_decode(file_get_contents('Google.json'), true);

$service_account_name = $keychain['client_email']; //474470900273-asrfjsg0m0ucsfadeit456sg518l1bqa@developer.gserviceaccount.com
$private_key = $keychain['private_key'];


$client = new Google_Client(); 
$client->setApplicationName("SAMPLE"); 
$service = new Google_Service_Directory($client); 

if (isset($_SESSION['service_token'])) { 
  $client->setAccessToken($_SESSION['service_token']); 
} 

$cred = new Google_Auth_AssertionCredentials( 
    $service_account_name, 
    array('https://www.googleapis.com/auth/admin.directory.user', 'https://www.googleapis.com/auth/admin.directory.group'), 
    $private_key, 
    'notasecret', 
    'http://oauth.net/grant_type/jwt/1.0/bearer', 
    'api_studentportal@domain.com' 
); 
$client->setAssertionCredentials($cred); 



if($client->getAuth()->isAccessTokenExpired()) { 
  $client->getAuth()->refreshTokenWithAssertion($cred); 
} 
$_SESSION['service_token'] = $client->getAccessToken(); 







$service = new Google_Service_Directory($client);

// Print the first 10 users in the domain.
$optParams = array(
  'domain' => 'domain.com',
  'maxResults' => 10,
  'orderBy' => 'familyName',
  'viewType' => 'domain_public',
);
$results = $service->users->listUsers($optParams);

And then I get the following PHP error:

Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users?domain=domain.com&maxResults=10&orderBy=familyName&viewType=domain_public: (403) Not Authorized to access this resource/api' in google/composer/src/Google/Http/REST.php:110 Stack trace: #0 google/composer/src/Google/Http/REST.php(62): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request), Object(Google_Client)) #1 [internal function]: Google_Http_REST::doExecute(Object(Google_Client), Object(Google_Http_Request)) #2 google/composer/src/Google/Task/Runner.php(174): call_user_func_array(Array, Array) #3 google/composer/src/Google/Http/REST.php(46): Google_Task_Runner->run() #4 google/composer/src/Google/Client.php(593): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request)) #5 google/composer in google/composer/src/Google/Http/REST.php on line 110
Andrew Nabors
  • 11
  • 2

1 Answers1

1

It seems as if it was just the viewType optParam defined. 'viewType' => 'domain_public' is invalid. Once that was removed the query worked.

Andrew Nabors
  • 11
  • 2