There is a service account with domain-wide delegation and I need to get a list of users from Workspace by means of Admin SDK / Directory Api.
Should I always call serviceAccountCredentials.createDelegated( delegatedUserEmail ) or similar ? This means I has to know at least one user email before getting the list of users (emails). Is there workaround for specifying this email?
final ServiceAccountCredentials serviceAccountCredentials = ServiceAccountCredentials
.fromPkcs8(
clientId,
clientEmail,
serviceAccountPkcs8Key,
serviceAccountPkcs8Id,
Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY));
final GoogleCredentials delegatedCredentials = serviceAccountCredentials.createDelegated(delegatedUserEmail);
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(delegatedCredentials);
Directory directory = new Directory.Builder(
httpTransport, JSON_FACTORY, requestInitializer)
.setApplicationName(applicationName)
.build();
if I replace
final GoogleCredentials delegatedCredentials = serviceAccountCredentials.createDelegated(delegatedUserEmail);
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(delegatedCredentials);
with
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(
serviceAccountCredentials.createScoped(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY));
api responds an error:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 400 Bad Request
GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&maxResults=500
{
"code" : 400,
"errors" : [ {
"domain" : "global",
"message" : "Invalid Input",
"reason" : "invalid"
} ],
"message" : "Invalid Input"
}
question from:
https://stackoverflow.com/questions/65886813/should-i-always-use-serviceaccountcredentials-createdelegated-when-using-servi 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
