search

googleapis / google-api-php-client

A PHP client library for accessing Google APIs
http://googleapis.github.io/google-api-php-client/
Apache License 2.0
9.33k stars 3.52k forks source link

Example request: domain-wide delegation case for the service account #1931

Open soundlake opened 4 years ago

soundlake commented 4 years ago

I've had a problem that the API client gave me HTTP 404 Error with the domain-wide delegated service account while all the configuration in both Google Cloud Platform and the Google Admin for G Suite. I've contacted the Google team, and I got the answer: I had to impersonate a user account! (https://developers.google.com/identity/protocols/oauth2/service-account#authorizingrequests)

I've read the source code here and I found that in this PHP client I should call Google_Client::setSubject(). Although the doc here explains that, but it'd be much intuitive if there are some additional lines of code in the example, like the following:

 if ($credentials_file = checkServiceAccountCredentialsFile()) {
   // set the location manually
   $client->setAuthConfig($credentials_file);
+  // impersonate if the domain-wide delegation is used
+  $client->setSubject('user@g-suite.domain');
bshaffer commented 4 years ago

Since that example is only for a service account, and not for domain-wide delegation, I'd prefer to leave it as-is. however, we could add a commented-out line like so:

 if ($credentials_file = checkServiceAccountCredentialsFile()) {
   // set the location manually
   $client->setAuthConfig($credentials_file);
   // if the domain-wide delegation is used:
   // $client->setSubject('user@g-suite.domain');