Set up the User Invitation API

This page explains how to set up the Cloud Identity User Invitation API.

Enable the API and set up credentials

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Enable the Cloud Identity API.

    Enable the API

  4. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

      Go to Create service account
    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. Grant the Project > Owner role to the service account.

      To grant the role, find the Select a role list, then select Project > Owner.

    6. Click Continue.
    7. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  5. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
Install the Python client library

To install the Python client library, run the following command:

      pip install --upgrade google-api-python-client google-auth \
        google-auth-oauthlib google-auth-httplib2
    

To learn more about setting up a Python development environment, see the Python development environment setup guide.

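Authenticate as a service account with domain-wide delegation

To give an account domain-wide privileges so that it can manage user invitations on behalf of administrators, authenticate as a service account and then grant the service account domain-wide privileges.

For instructions, see "Delegating domain-wide authority to the service account". You must provide the following scope to authorize the service account:

• https://www.googleapis.com/auth/cloud-identity.userinvitations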

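Instantiate a client

The following example shows how to create a client instance using service account credentials. To authenticate as a user instead, replace the service account's credentials object with the credentials you obtained earlier in "Using OAuth 2.0 for Web Server Applications".

Python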

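    from google.oauth2 import service_account
    import googleapiclient.discovery
    
    # Scope required to manage user invitations.
    SCOPES = ['https://www.googleapis.com/auth/cloud-identity.userinvitations']
    # Path to the JSON key file downloaded for the service account.
    SERVICE_ACCOUNT_FILE = '/path/to/service-account-file.json'
    
    def create_service():
      # Load the service account credentials, limited to the scope above.
      credentials = service_account.Credentials.from_service_account_file(
        SERVICE_ACCOUNT_FILE, scopes=SCOPES)
      # Act as a user in the domain through domain-wide delegation.
      delegated_credentials = credentials.with_subject('user@altostrat.com')
    
      # Build the Cloud Identity API client with the delegated credentials.
      service_name = 'cloudidentity'
      api_version = 'v1'
      service = googleapiclient.discovery.build(
        service_name,
        api_version,
        credentials=delegated_credentials)
    
      return service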
    

You can now start calling the User Invitation API.
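
The downloaded JSON key file, combined with domain-wide delegation, lets its holder act as the delegated user, so it is worth checking the file and the scope list before passing them to create_service(). The following is an added example, not part of the original page or Google's sample code; the name check_key_file, the SAMPLE_KEY content and the finding strings are assumptions made for illustration, and the permission check assumes a POSIX file system.

```python
import json
import os
import stat

# Scope this page requires for domain-wide delegation.
REQUIRED_SCOPE = 'https://www.googleapis.com/auth/cloud-identity.userinvitations'
# Fields google-auth needs when loading a service account key file.
REQUIRED_FIELDS = ('client_email', 'private_key', 'token_uri')

# Constructed sample key content with placeholder values (not a real key).
SAMPLE_KEY = {
  'type': 'service_account',
  'client_email': 'example-sa@example-project.iam.gserviceaccount.com',
  'private_key': 'PLACEHOLDER-NOT-A-KEY',
  'token_uri': 'https://oauth2.googleapis.com/token',
}


def check_key_file(path, scopes):
  """Returns a list of findings; an empty list means every check passed."""
  findings = []

  # The key is a long-lived credential: only the owning user should read it.
  mode = stat.S_IMODE(os.stat(path).st_mode)
  if mode & (stat.S_IRWXG | stat.S_IRWXO):
    findings.append('key file mode %o is accessible to group/other' % mode)

  try:
    with open(path) as f:
      info = json.load(f)
  except ValueError:
    return findings + ['key file is not valid JSON']
  if not isinstance(info, dict) or info.get('type') != 'service_account':
    return findings + ['key file is not a service account key']

  for field in REQUIRED_FIELDS:
    if not info.get(field):
      findings.append('missing field: %s' % field)

  # Delegated credentials act as a domain user, so request only what is needed.
  if REQUIRED_SCOPE not in scopes:
    findings.append('required scope not requested')
  for scope in scopes:
    if scope != REQUIRED_SCOPE:
      findings.append('unneeded scope requested: %s' % scope)
  return findings
```

Call check_key_file(SERVICE_ACCOUNT_FILE, SCOPES) before create_service() and stop if the returned list is not empty.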