Thanks for the advice.
at first,we found that user cannot get administrator authenticated thorw
the code below,
which other companies will get throw successfully.
*****************************************************************************
String sessionedDomain = loginPso.getDomain();
LOGGER.info("change domain: " + sessionedDomain);
NamespaceManager.set(sessionedDomain);
if (service.isUserAdmin()) {
loginPso.setRole(Role.SYSTEM_ADMIN);
// license will not be check if it is the administrator
// administrator's profile will be synchronized
User systemAdmin = userLogic.selectContractor(email);
if (systemAdmin == null) {
return null;
}
*****************************************************************************
service.isUserAdmin is false in spite of the user is administrator.
the method "isUserAdmin" is ↓
*****************************************************************************
boolean com.google.appengine.api.users.UserService.isUserAdmin()
isUserAdmin
boolean isUserAdmin()
Returns true if the user making this request is an admin for this
application, false otherwise.
Throws:
java.lang.IllegalStateException - If the current user is not logged in.
*****************************************************************************
then we check the page below ,found it can not be authenticated because of
error 403
https://developers.google.com/admin-sdk/directory/v1/reference/groups/list?hl=ja
so we think may be this user can not get authenticated by Directory API.
Cheers.
2015年7月23日木曜日 0時28分13秒 UTC+9 Patrice (Cloud Platform Support):
>
> Hmm, without knowing the domain or scope or seeing your authenticating
> code, this is not super easy to help you with this.
>
> I'd suggest trying to figure out what is different for this user's domain
> and changing that so it matches all your other customers.
>
> Another solution would be to try and post your question on StackOverflow.
> We do monitor that site and answer questions there, so you will get either
> us or someone else from the community to help you out. But you'll need to
> add some details, right now this is not really answerable, as we're lacking
> details.
>
> Cheers!
>
> On Tuesday, July 21, 2015 at 9:09:20 PM UTC-4, 東久世高義 wrote:
>>
>> Thanks for the advice.
>>
>> We made a application with GAE.
>> So we can let user use the app from Company A ,B,C,...to Z under their
>> own domain .
>> And, to use the app,user must have a Gmail account which hosting to
>> Google.
>>
>> We do use Oauth2
>> <https://developers.google.com/api-client-library/python/guide/aaa_oauth> to
>> do the authentication .
>> And the situiton is only the Company A can not access the app.
>> Which ,the Company's administrator can not get authenticated by
>> Directory API.
>>
>>
>>
>> 2015年7月22日水曜日 2時01分39秒 UTC+9 Patrice (Cloud Platform Support):
>>>
>>> Hi!
>>>
>>> I'm not 100% sure I get your issue.
>>>
>>> You are from Company B and you're trying to get information from Company
>>> A? You'll need to authenticate using Oauth2
>>> <https://developers.google.com/api-client-library/python/guide/aaa_oauth>
>>> .
>>>
>>> Cheers!
>>>
>>> On Tuesday, July 21, 2015 at 1:20:10 AM UTC-4, 東久世高義 wrote:
>>>>
>>>> [What we asked]
>>>> How can we get authenticated By Directory API
>>>>
>>>> [What is now confused ]
>>>> When we use the Directory API from GoogleApps to get account
>>>> informations ,
>>>> only the company A can not get the informations,others will be ok.
>>>>
>>>> [What we found]
>>>> When excute this page ,we get error 403
>>>> →
>>>> https://developers.google.com/apis-explorer/#p/admin/directory_v1/directory.groups.list?customer=my_customer&domain=[CompanyA's
>>>>
>>>> domail]&_h=1&
>>>> →result is :
>>>>
>>>>
>>>> 403 Forbidden
>>>>
>>>> - Show headers -
>>>>
>>>> {
>>>> "error": {
>>>> "errors": [
>>>> {
>>>> "domain": "global",
>>>> "reason": "forbidden",
>>>> "message": "Not Authorized to access this resource/api"
>>>> }
>>>> ],
>>>> "code": 403,
>>>> "message": "Not Authorized to access this resource/api"
>>>> }
>>>>
>>>> }
>>>>
>>>> [The Condition to get authenticated ]
>>>> 1.The excute account is the administratror of Gmail Domain
>>>> 2. GoogleApps Access is checked on at GoogleApps console
>>>> which Company A 's account is also the same setting
>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit
https://groups.google.com/d/msgid/google-appengine/b8874873-8943-451a-b764-18f7a3d740c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
