Reputation: 10222
googleapis giving back bad request
Having implemented oauth2.0 and done a handshake using the scopes:
"https://www.googleapis.com/auth/userinfo.email ",
"https://www.googleapis.com/auth/userinfo.profile",
"https://www.googleapis.com/auth/admin.directory.user ",
"https://www.googleapis.com/auth/admin.directory.group ",
"https://www.googleapis.com/auth/admin.directory.orgunit ",
I get back a token
the request
$ curl -X GET https://www.googleapis.com/oauth2/v1/userinfo?access_token=<Token>
{
"id": "{id}",
"email": "{email}",
"verified_email": true,
"name": "{name}",
...
}
as it should.
however a requst to the admin.directory.user namespace does not succeed:
$ curl -X GET https://www.googleapis.com/admin/directory/v1/users?access_token=<Token>
{
"error": {
"errors": [
{
"domain": "global",
"reason": "badRequest",
"message": "Bad Request"
}
],
"code": 400,
"message": "Bad Request"
}
}
Any good ideas to why this is?
The request to admin.directory.users is constructed from https://developers.google.com/admin-sdk/directory/v1/reference/#Users
Upvotes: 2
Views: 1054
Answers (3)
Reputation: 34096
I had the same problem retrieving all users through https://www.googleapis.com/auth/admin.directory.user endpoint. According to the documentation, you could do that in a specific domain by passing the domain as a parameter or get all existing users by passing the customer=my_customer parameter as follows:
- Retrieve all users in a domain doc:
https://www.googleapis.com/auth/admin.directory.user?domain=example.com
or
- Retrieve all account users doc:
https://www.googleapis.com/auth/admin.directory.user?customer=my_customer
In google playground oauth2 also you can test the above stuff by selecting Admin SDK API directory_v1 and auth/admin.directory.user.readonly to authorize the respective scope, then call the above requests.
Note that, you may need to get access to google playground within your google admin dashboard under the security apps section.
Upvotes: 2
Reputation: 1005
You need to specify either the domain (to get fields from only one domain) or the customer (to return all domains for a customer account).
I filed a bug to make more clear that is required to provide one of the two parameters.
Upvotes: 2
Reputation: 13528
At the very least, you need to include the Content-Type header:
curl -X GET -H "Content-Type: application/json" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<Token>
For a full script that implements this API with CURL and BASH see this answer.
Note that the documentation is currently incorrect because it lists customer as an optional parameter when it is in fact required.
Upvotes: 1
Related Questions
- When i make request to googleapis, getting 400 Bad Request
- TokenResponseException: 401 Unauthorized Exception when trying to access Admin SDK Google API.
- Google Admin SDK 403 Not Authorized to Access this Resource/API
- Getting "Domain cannot use apis" when using Google Admin SDK Directory API
- Unauthorized when calling Google Admin SDK Directory API
- Google Admin SDK - Exception access_denied Requested client not authorized
- Google API Admin SDK Error (Requested client not authorized)
- Google Admin SDK throws bad request java client
- Unable to consume APIs of Admin SDK (JAVA)
- Google GetAccessToken : Bad Request 400