使用Google API将外部用户添加到G Suite组
Problem:
Corporate Google Drive is not yet able to open team drives to the entire Internet.
I don’t want to move a folder to a personal disk - it’s convenient to work with a team on a team drive.
How I want to solve the problem:
- There is a form at https://leadstartup.ru/go
- After filling out this form, the user's email must be added via the API to the G Suite group in order to access the General Drive on Google Drive.
What is done:
- Written class, which in theory should correctly work out
use Google_Client;
use Google_Service_Directory;
use Google_Service_Directory_Member;
class GoogleClient
{
/**
* Returns an authorized API client.
* @return Google_Client the authorized client object
*/
private function getClient()
{
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->setApplicationName("LeadStartup");
$client->setScopes([
Google_Service_Directory::ADMIN_DIRECTORY_GROUP,
Google_Service_Directory::ADMIN_DIRECTORY_GROUP_MEMBER,
Google_Service_Directory::ADMIN_DIRECTORY_USER
]);
$client->setSubject('a.kolomensky@leadstartup.ru');
return $client;
}
public function addEmailToPublicGroup()
{
$member = new Google_Service_Directory_Member();
$member->setEmail('m.ryazhenka@leadstartup.ru');
$member->setRole('MEMBER');
$directory = new Google_Service_Directory($this->getClient());
$directory->members->insert('friends@leadstartup.ru', $member);
}
}
- A service account is registered
Domain-wide delegation enabled.
- json-file is correct and set to env
putenv('GOOGLE_APPLICATION_CREDENTIALS=' . __DIR__ . '/private/LeadStartup-8c8edffdb357.json');
- Scopes was added to G Suite
As a result, I get 401 error unauthorized_client Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.
Please, help me with this issue. What I'm missing?