Google Admin SDK JAVA API getting empty user list

0
votes

Following code is same from PlusService Account Sample and I have modified it for Directory API, created new test user, assigned id and password, it returns empty {} instead of returning user test

GoogleCredential credential = new GoogleCredential.Builder().setTransport(httpTransport)
        .setJsonFactory(JSON_FACTORY)
        .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
        .setServiceAccountScopes(Collections.singleton( DirectoryScopes.ADMIN_DIRECTORY_USER))
        .setServiceAccountPrivateKeyFromP12File(new File("key.p12"))
        .setServiceAccountUser("[email protected]")
        .build();
    // set up global Plus instance
    plus = new Plus.Builder(httpTransport, JSON_FACTORY, credential)
        .setApplicationName(APPLICATION_NAME).build();
    dir = new Directory.Builder(httpTransport, JSON_FACTORY, credential)
    .setApplicationName("some name").build();
    User test= new User();
    test.setCustomerId("1");
   test.setPassword("sdfsdf");
   dir.users().insert(test).execute();
    System.out.print("Return test"+dir.users().list().toString());
1
google-api-java-clientgoogle-admin-sdk
Loging required means your auth is not working! Are you using a service account?, do you need to use a private key instead via setServiceAccountPrivateKeyFromP12Fileomerio
I am using client ID for web applicatonsimpleProgrammer

1 Answers

0
votes

I think there are two issues with the authentication code above:

  1. CLIENT_ID = "[email protected]"; looks like the email address from the cloud console rather than the client id, when I look at the cloud console I see these two fields

CLIENT ID 350427230836-43vs8qmh24dmn4hs4ih2jv8jeq8htulk.apps.googleusercontent.com

EMAIL ADDRESS 350427230836-43vs8qmh24dmn4hs4ih2jv8jeq8htulk@developer.gserviceaccount.com

so it seems you are using the email address rather than the client id which doesn't have @developer on it

  1. .setClientAuthentication(new BasicAuthentication(CLIENT_ID, CLIENT_SECRET)), there doesn't seem to be much documentation on this, but there seems to be this test class in the OAuth client code and it uses the client id and secret string for the basic auth, I doubt this is correct. Basic auth requires an actual username and password, so this will be the email address and password of the Google account you want to use for this OAuth.

I do not recommend using username password for OAuth, you either use a service account with domain wide delegation or write some code to prompt an admin user in order to obtain an OAuth token, many examples are here (https://code.google.com/p/google-api-java-client/source/browse/?repo=samples)

See this answers for using a service account:

Create users using Service Account with Google Admin SDK?