Luca
Reputation: 41
Google API PHP - listing groups of an user
i am struggling with google API. I am creating a website where I would like to read the groups of which the authenticated user is a member.
I have read everything about the subject, but many examples are very old and in the meantime things have changed.
This is the code I'm testing:
<?php
require 'lib/google-api/vendor/autoload.php';
// Creating new google client instance
$client = new Google_Client();
// Enter your Client ID
$client->setClientId('***.apps.googleusercontent.com');
// Enter your Client Secrect
$client->setClientSecret('***');
// Enter the Redirect URL
$client->setRedirectUri('***');
$client->setApplicationName("Test");
// Adding those scopes which we want to get (email & profile Information)
$client->addScope("email");
$client->addScope("profile");
$client->addScope("https://www.googleapis.com/auth/admin.directory.group.readonly");
$client->addScope("https://www.googleapis.com/auth/admin.directory.group.member.readonly");
if(isset($_GET['code'])){
$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
if(!isset($token["error"])){
$client->setAccessToken($token['access_token']);
// getting profile information
$google_oauth = new Google_Service_Oauth2($client);
$google_account_info = $google_oauth->userinfo->get();
// Storing data into database
$email = $google_account_info->email;
$full_name = $google_account_info->name;
echo $email . "<br>";
// this is needed only if you need to perform
// domain-wide admin actions, and this must be
// an admin account on the domain; it is not
// necessary in your example but provided for others
$client->setSubject('***');
// set the authorization configuration using the 2.0 style
$client->setAuthConfig("***.json");
$adminService = new Google_Service_Directory($client);
$googleGroups = $adminService->groups->listGroups(array('domain'=>'mydomain.com'));
$groups = $googleGroups->getGroups();
}
}
?>
I am getting the following error
Uncaught Google_Service_Exception: {
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}
I have already done a Google Workspace Domain-Wide Delegation of Authority (https://developers.google.com/admin-sdk/directory/v1/guides/delegation) and I created a user to impersonate with read permissions on groups and users.
Where am I doing wrong? Thank you!
Upvotes: 2
Views: 1038
Answers (1)
Luca
Reputation: 41
After some testing I made it work...
First of all i needed to give rights to the service account, not just at the one to impersonate.
$client = new Google_Client();
// Client ID
$client->setClientId(***);
// Client Secrect
$client->setClientSecret(***);
// Redirect URL
$client->setRedirectUri('https://www.mywebsite.com');
$client->setApplicationName('App name');
// Scopes for group reading, profile and email info
$client->addScope('https://www.googleapis.com/auth/admin.directory.group.readonly');
$client->addScope('https://www.googleapis.com/auth/userinfo.email');
$client->addScope('https://www.googleapis.com/auth/userinfo.profile');
if(isset($_GET['code'])){
$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
if(!isset($token["error"])){
$client->setAccessToken($token['access_token']);
$google_oauth = new Google_Service_Oauth2($client);
// User info
$google_account_info = $google_oauth->userinfo->get();
$email = $google_account_info->email;
// Service account info
$client->setAuthConfig('***.json');
// Who i want to impersonate
$client->setSubject('[email protected]');
$service = new Google_Service_Directory($client);
// Search groups of the logged user
$optParams = array(
'domain' => 'mywebsite.com',
'userKey' => $email
);
$googleGroups = $service->groups->listGroups($optParams);
$groups = $googleGroups->getGroups();
That's all :)
Upvotes: 2
Related Questions
- Google people.api, how to get members of a specific group?
- Find list of Members in group using google api services
- Google Users: List users data of a specific group
- Getting Google Groups for a list of users
- Google Groups: Retrieve list of groups for a user
- Getting all groups an user is a member of through oauth (google)
- How do I find all Google groups I am member of via api?
- Google Groups PHP API Get existing Group
- How do I programmatically find the members of a Google Group?
- Google Groups API