googleapis giving back bad request

Question

Having implemented oauth2.0 and done a handshake using the scopes:

"https://www.googleapis.com/auth/userinfo.email ",
"https://www.googleapis.com/auth/userinfo.profile",
"https://www.googleapis.com/auth/admin.directory.user ",
"https://www.googleapis.com/auth/admin.directory.group ",
"https://www.googleapis.com/auth/admin.directory.orgunit ",

I get back a token

the request

$ curl -X GET  https://www.googleapis.com/oauth2/v1/userinfo?access_token=<Token>
{
 "id": "{id}",
 "email": "{email}",
 "verified_email": true,
 "name": "{name}",
 ...
}

as it should.

however a requst to the admin.directory.user namespace does not succeed:

$ curl -X GET https://www.googleapis.com/admin/directory/v1/users?access_token=<Token>
{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "badRequest",
    "message": "Bad Request"
   }
  ],
  "code": 400,
  "message": "Bad Request"
 }
}

Any good ideas to why this is?

The request to admin.directory.users is constructed from https://developers.google.com/admin-sdk/directory/v1/reference/#Users

score 1 · Answer 1 · edited May 23 '17 at 11:56

1

At the very least, you need to include the Content-Type header:

curl -X GET -H "Content-Type: application/json" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<Token>

For a full script that implements this API with CURL and BASH see this answer.

Note that the documentation is currently incorrect because it lists customer as an optional parameter when it is in fact required.

edited May 23 '17 at 11:56

Community

1
1

answered Sep 09 '13 at 19:47

Jay Lee

13,199
3
26
58

the content type didn't really change a thing :) – Martin Kristiansen Sep 09 '13 at 20:26
1

try the rest of the parameters from my script then. – Jay Lee Sep 09 '13 at 20:33
1

updated answer to note that customer attribute is required, not optional. The docs are currently wrong about this. – Jay Lee Sep 10 '13 at 14:00
I would have to say that the docs from google are ... lacking to say the least, most of the information refers to dead links and other things of that nature. – Martin Kristiansen Sep 10 '13 at 17:39
I tried your script, and when visiting the link I got "The redirect URI in the request: urn:ietf:wg:oauth:2.0:oob did not match a registered redirect URI" and the app console did not accept adding urn:ietf:wg:oauth:2.0:oob – Martin Kristiansen Sep 10 '13 at 18:18
It sounds like you switched to using your own API key and it's not a key from an installed application. Try using the key/secret already in the source, it's for an installed application. – Jay Lee Sep 10 '13 at 20:21
The settings already in the file break completely with "Invalid Credentials" – Martin Kristiansen Sep 10 '13 at 20:45
did you delete the cached ~/ – Jay Lee Sep 10 '13 at 20:54

score 1 · Answer 2 · answered Sep 10 '13 at 22:06

1

You need to specify either the domain (to get fields from only one domain) or the customer (to return all domains for a customer account).

I filed a bug to make more clear that is required to provide one of the two parameters.

answered Sep 10 '13 at 22:06

Silvano

995
5
6

Thanks Silvano, I guess from your location that your my inside man, just a heads up every internal link on https://developers.google.com/google-apps/marketplace/sso#gs are dead. - making it rather hard to "get started" – Martin Kristiansen Sep 11 '13 at 15:11

googleapis giving back bad request

2 Answers2