デバイスの承認
次の例では、ユーザーの承認状態を更新する方法を示します。
REST
承認状態を更新するには、デバイス名と顧客オブジェクトを指定して devices.deviceUsers.approve()
を呼び出します。
Python HTTP
次の例では、Python HTTP ライブラリを使用して承認状態を更新するヘルパー関数を示します。
"""Example script to use the approve method of the Devices API."""
import pprint
from six.moves import urllib
import google.auth.transport.requests
from google.oauth2 import service_account
SCOPES = ['https://www.googleapis.com/auth/cloud-identity.devices']
BASE_URL = 'https://cloudidentity.googleapis.com/v1/'
# Change this to the location of the service account key
SA_FILE = ''
# Enter the administrator to call as here.
ADMIN_EMAIL = ''
# Enter the Device User Resource Name. You can get this from the value
# of the name field in the results of a List method call
RESOURCE_NAME = ''
if not SA_FILE:
print('Please specify the location of the service account key file')
if not ADMIN_EMAIL:
print('Please specify the email of the administrator to call as')
if not RESOURCE_NAME:
print('Please specify the Device User Resource Name to be approved')
if not SA_FILE or not ADMIN_EMAIL or not RESOURCE_NAME:
exit(-1)
def create_delegated_credentials(user_email):
credentials = service_account.Credentials.from_service_account_file(
SA_FILE,
scopes=['https://www.googleapis.com/auth/cloud-identity.devices'])
delegated_credentials = credentials.with_subject(user_email)
return delegated_credentials
######################################################################
# AUTHENTICATE the service account and retrieve an oauth2 access token
request = google.auth.transport.requests.Request()
dc = create_delegated_credentials(ADMIN_EMAIL)
dc.refresh(request)
print('Access token: ' + dc.token + '\n')
###############################
# Approve the DeviceUser
header = {
'authorization': 'Bearer ' + dc.token,
'Content-Type': 'application/json'
}
action_url = BASE_URL + RESOURCE_NAME + ':approve'
request = urllib.request.Request(action_url, None, headers=header)
request.get_method = lambda: 'POST'
try:
approve_response = urllib.request.urlopen(request)
except urllib.error.HTTPError as e:
if e.code == 400:
print('The request was invalid. Perhaps the device is already approved?')
else:
print('Unknown error occurred')
exit(-1)
pp = pprint.PrettyPrinter(indent=4)
pp.pprint(approve_response)
RESOURCE_NAME
は、デバイス リソースから取得したリソースの名前に設定されます。