service_account_mail = 'xxxxxx@developer.gserviceaccount.com'
service_account_client_id = 'xxxxxx.apps.googleusercontent.com'
with open("private_key.p12") as f:
private_key = f.read()
gapps_scope=[
'https://www.googleapis.com/auth/drive',
'https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
]
credentials = SignedJwtAssertionCredentials(service_account_mail, private_key, gapps_scope)
print credentials.access_token
None
credentials.get_access_token()
credentials.access_token
Now I get something useful
headers = {
'Authorization': 'Bearer ' + credentials.access_token,
'Content-type': 'application/atom+xml'
}
url_tpl = """https://apps-apis.google.com/a/feeds/emailsettings/2.0/mydomain.com/%s/%s"""
url = url_tpl % (myusername, 'label')
r = requests.get(url, headers=headers)
403 - 'You are not authorized to access this API.'
body_tpl = """<?xml version="1.0" encoding="utf-8"?>
<atom:entry xmlns:atom="http://www.w3.org/2005/Atom" xmlns:apps="http://schemas.google.com/apps/2006">
<apps:property name="signature" value="%s" />
</atom:entry>"""
url = url_tpl % (myusername, 'signature')
payload = body_tpl % 'Test'
r = requests.put(url, headers=headers, data=payload)
403 - 'You are not authorized to access this API.'
r = requests.get(url, headers=headers)
403 - 'You are not authorized to access this API.'
drive_url = "https://www.googleapis.com/drive/v2/files"
headers = { 'Authorization': 'Bearer ' + credentials.access_token, }
r = requests.get(drive_url, headers=headers)
200 - 'OK'
また試してみました: EmailSettingsClient + AuthSubToken、EmailSettingsClient + client.auth_token オーバーライド、EmailSettingsClient + HttpRequest(headers=additional_headers)、EmailSettingsClient + OAuth2TokenFromCredentials(credentials).authorize
ステップ 2 で OAuth 2.0 Playground でサービス アカウントの credential.access_token を直接使用すると、同じ結果が得られます。つまり、ドライブでは機能しますが、EmailSettings では機能しません。
他の誰かがそれが機能することを確認して(実際に試してください)、ここで私が間違っていることを説明できますか?
どうもありがとう。