Getting list of users in Google Admin SDK

StackOverflow https://stackoverflow.com/questions/19799155

  •  04-07-2022
  •  | 
  •  

Pergunta

I have OAuth login in my app. After that I have access_token.

I check token in google token info service:

https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<access_token>

And It returns:

{
"issued_to": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"audience": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.group  https://www.googleapis.com/auth/admin.directory.orgunit https://www.googleapis.com/auth/admin.directory.user",
"expires_in": 3299,
"access_type": "online"
}

As you can see I have admin user directory permission.

Then I send GET request for getting information about user

curl -X GET https://www.googleapis.com/admin/directory/v1/users/test_user@test.com?access_token=<access_token>

And google returned me right user information. After that I decided to get list of users.

curl -X GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<access_token>

And google returned me:

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "required",
    "message": "Login Required",
    "locationType": "header",
    "location": "Authorization"
   }
  ],
  "code": 401,
  "message": "Login Required"
 }
}

But I don't understand why google returned me so error.

Could you please help me with this problem?

Thanks.

Foi útil?

Solução

There are two solutions here.

1.This is the simple one. Put the URL params in quotes. This should do the trick - (fake access token used)

curl "https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI"

You don't need to pass in -X GET as that is the default.

2.In general it is bad practice to send the access_token in the URL as this URL may get logged somewhere along the way for innocuous reasons. You can also do this through HTTP Header of Authorization -

curl -H "Authorization: Bearer asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top