[google-apps-apis] Help with oAuth 2LO + Zend Provisioning API

[Isidoro!]

Hi Guys,

I'm trying to build a PHP application to rename users in Google Apps. I'm 
using Provisioning API and 2LO with Zend. I have problems with access.
This is my code:

$oauthOptions = array(
    'requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER,
    'version' => '1.0',
    'signatureMethod' => 'HMAC-SHA1',
    'consumerKey' => $CONSUMER_KEY,
    'consumerSecret' => $CONSUMER_SECRET
);

$consumer = new Zend_Oauth_Consumer($oauthOptions);
$token = new Zend_Oauth_Token_Access();
$httpClient = $token->getHttpClient($oauthOptions);

$service = new Zend_Gdata_Gapps($httpClient, $DOMAIN);
$service->enableRequestDebugLogging('/tmp/foo.txt');
$updateUser = $service->retrieveUser($USER);

echo 'user to change ' . $updateUser->login;

$updateUser->login->name = 'x1';
$updateUser = $updateUser->save();

If I set the scope to https://apps-apis.google.com/a/feeds/user/#readonly 
I'm able to retrieve the user. 
I have disabled from the control panel Two-legged OAuth access control 
(allow Access to All API) and added the scope   
https://apps-apis.google.com/a/feeds/user/2.0/domain/ to update the user 
but I get a Zend Exception 

GET /a/feeds/XXXXXX.com/user/2.0/XXXXXXX HTTP/1.1
Host: apps-apis.google.com
Connection: close
User-Agent: MyCompany-MyApp-1.0 Zend_Framework_Gdata/1.11.0dev
Accept-encoding: identity
Authorization: OAuth 
realm="",oauth_consumer_key="cloudspartner.com",oauth_nonce="a52fa4056615b5623c9e4b9c6ce55b85",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1331891784",oauth_version="1.0",oauth_signature="DczkQoN2VJpDkyXGMgcFedCcMMg%3D"

Closing socket

Closing socket

HTTP/1.1 401 Unknown authorization header
WWW-Authenticate: GoogleLogin 
realm="http://www.google.com/accounts/ClientLogin";, service="apps"
Content-Type: text/html; charset=UTF-8
Date: Fri, 16 Mar 2012 09:56:25 GMT
Expires: Fri, 16 Mar 2012 09:56:25 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<HTML>
<HEAD>
<TITLE>Unknown authorization header</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Unknown authorization header</H1>
<H2>Error 401</H2>
</BODY>
</HTML>

Can you point me to the right direction?
I can always do ClienLogin, but I'm trying to avoid it.

Thanks and regards,


-- 
You received this message because you are subscribed to the Google Groups 
"Google Apps Domain Information and Management APIs" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-apps-mgmt-apis/-/JeDaiWOzGd0J.
To post to this group, send email to google-apps-mgmt-apis@googlegroups.com.
To unsubscribe from this group, send email to 
google-apps-mgmt-apis+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-apps-mgmt-apis?hl=en.