（400）使用Google API PHP客户端和Admin SDK的错误请求

Question

我正尝试将Google API PHP Client与Google Directory API配合使用。我进入Google Developers Console并创建了一个名为google-sync的项目。然后我在API列表页面中启用Admin SDK。然后，我从“凭据”页面中选择“创建新客户端ID”，并选择Service Account，然后下载提示下载的.bin私钥。然后，我点击了“生成新的P12键”并下载了.p12文件，该文件与PHP文件放在同一目录中。

这是我的PHP代码（其中this part of the docs）试图列出所有用户。

<?php 
session_start(); 
require 'vendor/autoload.php'; 
$SCOPE = 'https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit'; 

$SERVICE_ACCOUNT_EMAIL = '<EMAIL ADDRESS>'; 
$SERVICE_ACCOUNT_PKCS12_FILE_PATH = '<P12 FILE NAME>.p12'; 

$client = new Google_Client(); 
$client->setApplicationName('google-sync'); 
$adminService = new Google_Service_Directory($client); 
$key = file_get_contents($SERVICE_ACCOUNT_PKCS12_FILE_PATH); 
$cred = new Google_Auth_AssertionCredentials(
    $SERVICE_ACCOUNT_EMAIL, 
    array($SCOPE), 
    $key); 
$client->setAssertionCredentials($cred); 

$allUsers = $adminService->users->listUsers(); 

当我运行这段代码，我得到这个错误：

PHP Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:80 
Stack trace: 

#0 /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php(44): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request)) 
#1 /projects/google-sync/vendor/google/apiclient/src/Google/Client.php(499): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request)) 
#2 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php(195): Google_Client->execute(Object(Google_Http_Request)) 
#3 /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php(2063): Google_Service_Resource->call('list', Array, 'Google_Service_...') 
#4 /projects/google-sync/auth-test.php(20): Google_Service_Directory_Users_Resource->listUsers() 
#5 {main} 
    thrown in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80 

Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request' in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80 

Google_Service_Exception: Error calling GET https://www.googleapis.com/admin/directory/v1/users: (400) Bad Request in /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php on line 80 

Call Stack: 
    0.0001  232296 1. {main}() auth-test.php:0 
    0.0172 2957992 2. Google_Service_Directory_Users_Resource->listUsers() /projects/google-sync/auth-test.php:20 
    0.0172 2959144 3. Google_Service_Resource->call() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Directory.php:2063 
    0.3356 2970752 4. Google_Client->execute() /projects/google-sync/vendor/google/apiclient/src/Google/Service/Resource.php:195 
    0.3356 2971568 5. Google_Http_REST::execute() /projects/google-sync/vendor/google/apiclient/src/Google/Client.php:499 
    0.7015 2974424 6. Google_Http_REST::decodeHttpResponse() /projects/google-sync/vendor/google/apiclient/src/Google/Http/REST.php:44 

当我下载了P12文件，我得到了与私有密钥关联的密码，但我无法找到有关如何包含该密码的任何文档。这是我的问题吗？

Answer 1

我能够通过进入我的域的管理控制台，转到安全性下的管理API客户端访问页面，并从开发者控制台添加客户端ID并添加了我需要的范围来修复此问题。

有关更多信息，请参见this part of the docs。

Answer 2

我正面临同样的问题。服务帐户在发出请求时应模拟域管理员。另外，listUsers（）期望域作为参数传递。

可以确保您已经把域范围内的机关服务帐户 - https://developers.google.com/api-client-library/php/auth/service-accounts

$cred = new Google_Auth_AssertionCredentials(
    $service_account_name, 
    array($SCOPE), 
    $key 
); 
$cred->sub = "admin@domain.com"; 
//Get All users. 
$list = $service->users->listUsers(Array('domain' => 'domain.com')); 
//Get one user 
$userId = $service->users->get('someuser@domain.com');