Error with GoogleCredentials and Directory in google-admin-sdk

0
votes

I'm trying to access google admin-directory API to create, delete or remove users as administrator.

I'm trying to develop an application that allows to update or delete a user.

I tried to take two paths.

In the first way, I used the code shown: Google Admin Directory API is returning 400 bad request

But adapting the code is like follows:

HttpTransport httpTransport = new NetHttpTransport(); JacksonFactory jsonFactory = new JacksonFactory();

        GoogleCredential credential;

SCOPES.add("https://www.googleapis.com/auth/admin.directory.user");
GoogleCredential credential;
try {
    credential = new GoogleCredential.Builder()
        .setTransport(httpTransport)
        .setJsonFactory(jsonFactory)
        .setServiceAccountId(
            "XXXXXXXXXX@developer.gserviceaccount.com")
        .setServiceAccountUser("XXX@subdomain.domain.com")//(The administrator account)
        .setServiceAccountScopes(SCOPES)
        .setServiceAccountPrivateKeyFromP12File(
            new File("WEB-INF/KeY.p12")).build();
    credential.setAccessToken(oauthToken);

    resp.getWriter().println(credential.getServiceAccountId());


Directory directory = new Directory.Builder(httpTransport, jsonFactory, credential).setApplicationName("User Sync Service")
        .setHttpRequestInitializer(credential).setApplicationName("Example APP").build();

resp.getWriter().println();
Directory.Users.List list = directory.users().list();
list.setDomain("subdomain.domain.com");
Users users = list.execute();

In this case, the problem is when the Directory object (Directory directory = new Directory.Builder(...) ) instanciate's or executes, and this is the error:

Uncaught exception from servlet
com.google.api.client.auth.oauth2.TokenResponseException: 400 OK
{
  "error" : "invalid_grant"
}
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:332)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:352)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:454)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:215)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:854)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
at com.ejemploprueba.Inbox.doGet(Inbox.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:266)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:146)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:439)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:435)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:442)
at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:186)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:306)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:298)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:439)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251)
at java.lang.Thread.run(Thread.java:722)

The second way is to create a servlet that call to the api with SCOPE = "https://www.googleapis.com/auth/admin.directory.user", to get the acces_token and the user in a second servlet.

In this way I find the problem to create a GoogleCredential and connect to with the services server with the acces_token and the user, and then instantiate the object "Directory" to show in step 1.

Where:

acces_token:  ya29.AHES6ZREQdCcm7FqZGg3Do0jYxN-XXXXXXXXXXX-YYYYYYYYYYYYYy
and
User: user@subdomain.domain.com

I enabled the "Admin SDK" option into the Google Api Console / Services

How can I fix the error that occurs in the first case? What is the solution to the second way? What it's the better solution, the first way or the second?

Thank you very much in advance and greetings.

2
javagoogle-app-engineservletsgoogle-oauthgoogle-admin-sdk
Did you manage to solve this problem? I am kind of in the similar situation.user1076371
Did you ever solved this?momo

2 Answers

0
votes

For case 1 when you call:

credential.setAccessToken(oauthToken);

You are replacing the access token obtained from the Google Authorization Server with the content of oauthToken, which looks like is not a valid access token for that service account.

0
votes

Not sure if this will help you, but I've done something similar in C#. Had some serious authorization-issues at first, but finally made it.

Check this stackoverflow Trying to Create users in Google Apps domain in Windows Forms code