just started using google admin SDK,trying to retrieve specific user's infomation.
i keep getting the same error over and over
[29-May-2015 14:41:18 Africa/Tunis] PHP Fatal error: Uncaught
exception 'Google_Auth_Exception' with message 'Error refreshing the
OAuth2 token, message: '{ "error" : "invalid_grant"
during my research i found that it's mostly a syncing problem(server time)
but my web app is hosted on a third party server.checked my service account credentials
Ps: don't know if it matters but the server's time zone is GMT+1
`
<?php
require 'src/Google/autoload.php';
session_start();
$timestamp = $_SERVER['REQUEST_TIME'];
echo gmdate("Y-m-d\TH:i:s\Z", $timestamp);
$service_account_name = "xx";
$key_file_location = "yyy.p12";
$client = new Google_Client();
$client->setApplicationName("Members");
$directory = new Google_Service_Directory($client);
if (isset($_SESSION['service_token']) && $_SESSION['service_token']) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
// Replace this with the email address from the client.
$service_account_name,
// Replace this with the scopes you are requesting.
array('https://www.googleapis.com/admin/directory/v1/users'),
$key,
'notasecret'
);
$cred->sub = "admin-email";
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
$email = "personto lookfor-email";
$r = $dir->users->get($email);
if($r) {
echo "Name: ".$r->name->fullName."<br/>";
echo "Suspended?: ".(($r->suspended === true) ? 'Yes' : 'No')."<br/>";
echo "Org/Unit/Path: ".$r->orgUnitPath."<br/>";
} else {
echo "User does not exist: $email<br/>";
// if the user doesn't exist, it's safe to create the new user
}
`
The reason of the "Invalid grant" error may be due to the refresh token not working. This happens When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned. Here is the link for more documentation.
Related
I'm running some Google drive project that will handles uploading of some file, I have a code "refreshtoken.php" that will do getting the authentication link and do the authentication process and will call the "callback.php" that will get the authentication code in exchange for refresh token(see the code below).
This code work fine for me, but after maybe 24 hours I need to do the authentication process again. I want this authentication process to be done only once because in my project their will be no person involve so nobody will do the authentication manually. Any help would greatly appreciated.
"refreshtoken.php"
<?php
require __DIR__ . '/vendor/autoload.php'; // load library
session_start();
$client = new Google_Client();
// Get your credentials from the console
$client->setApplicationName('Google Drive API PHP Quickstart');
$client->setRedirectUri('http://localhost/query.php');
$client->setScopes(Google_Service_Drive::DRIVE);
$client->setAuthConfig('credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
if (isset($_GET['code'])) {
$client->authenticate($_GET['code']);
$_SESSION['token'] = $client->getAccessToken();
$client->getAccessToken(["refreshToken"]);
$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
return;
}
if (isset($_SESSION['token'])) {
$client->setAccessToken($_SESSION['token']);
}
if (isset($_REQUEST['logout'])) {
unset($_SESSION['token']);
$client->revokeToken();
}
?>
<!doctype html>
<html>
<head><meta charset="utf-8"></head>
<body>
<header><h1>Get Token</h1></header>
<?php
if ($client->getAccessToken()) {
$_SESSION['token'] = $client->getAccessToken();
$token = json_decode($_SESSION['token']);
echo "Access Token = " . $token->access_token . '<br/>';
echo "Refresh Token = " . $token->refresh_token . '<br/>';
echo "Token type = " . $token->token_type . '<br/>';
echo "Expires in = " . $token->expires_in . '<br/>';
echo "Created = " . $token->created . '<br/>';
echo "<a class='logout' href='?logout'>Logout</a>";
file_put_contents("token.txt",$token->refresh_token); // saving access token to file for future use
} else {
$authUrl = $client->createAuthUrl();
print "<a id ='connect' class='login' href='$authUrl'>Connect Me!</a>";
}
?>
</body>
</html>
"callback.php"
<?php
require __DIR__ . '/vendor/autoload.php';
function url_origin( $s, $use_forwarded_host = false )
{
$ssl = ( ! empty( $s['HTTPS'] ) && $s['HTTPS'] == 'on' );
$sp = strtolower( $s['SERVER_PROTOCOL'] );
$protocol = substr( $sp, 0, strpos( $sp, '/' ) ) . ( ( $ssl ) ? 's' : '' );
$port = $s['SERVER_PORT'];
$port = ( ( ! $ssl && $port=='80' ) || ( $ssl && $port=='443' ) ) ? '' : ':'.$port;
$host = ( $use_forwarded_host && isset( $s['HTTP_X_FORWARDED_HOST'] ) ) ? $s['HTTP_X_FORWARDED_HOST'] : ( isset( $s['HTTP_HOST'] ) ? $s['HTTP_HOST'] : null );
$host = isset( $host ) ? $host : $s['SERVER_NAME'] . $port;
return $protocol . '://' . $host;
}
function full_url( $s, $use_forwarded_host = false )
{
return url_origin( $s, $use_forwarded_host ) . $s['REQUEST_URI'];
}
function GetBetween($content,$start,$end)
{
$r = explode($start, $content);
if (isset($r[1])){
$r = explode($end, $r[1]);
return $r[0];
}
return '';
}
$absolute_url = full_url( $_SERVER );
$code=GetBetween($absolute_url,'code=','&');
echo "Authentication code: ".$code;
$client = new Google_Client();
$client->setApplicationName('Google Drive API PHP Quickstart');
$client->setRedirectUri('http://localhost/query.php');
$client->setScopes(Google_Service_Drive::DRIVE);
$client->setAuthConfig('credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
$tokenPath = 'token.json';
$authCode = $code;
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
if (!file_exists(dirname($tokenPath))) {
mkdir(dirname($tokenPath), 0700, true);
}
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
?>
My comments and the answer by Senthil already contains the needed code, but it seems the OP is still confused, so I will write an answer to explain the core concept.
Google Drive API is an API that authenticates via OAuth. https://en.wikipedia.org/wiki/OAuth
In simple term, it's a mechanism to allow a client app (your program / your code), to access / consume a user's (resource owner's) resource (his Google Drive storage space), that exist in Google's server (resource server and also acting as authorization server).
Quoting from wikipedia:
OAuth (Open Authorization[1][2]) is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.[3][4] This mechanism is used by companies such as Amazon,[5] Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third-party applications or websites.
As client app, the flow goes like this:
redirecting user to google's oauth authorize endpoint
receiving redirection from google's oauth, with authorization code in url parameter (authorization code = one use code, short lived)
exchanging authorization code with refresh token (refresh token = can be used multiple times, long lived)
exchanging refresh token with access token (access token = used to do the API call / to access user's resource, short lived)
consuming the API, which needs access token
Above it's said that refresh token is long lived, but for actually how long? This actually depends on specific implementation of the oauth protocol, but for Google's oauth, I have asked a question myself 4 years ago here: When will a google oauth2 refresh token expired? and until this answer is written, the refresh token generated then (4 years ago) has not expired yet. I do make sure to periodically use the refresh token (at least once a month by cron). Also, if the user manually revoked your refresh token (revoke access to your app), your refresh token will be dead.
Here is the flow:
when user authenticates, call $client->getRefreshToken(), then save the result in database, in file, or in any other persistent storage, example:
$refresh_token = $client->getRefreshToken();
file_put_contents("/home/myusername/refresh_token.txt", $refresh_token);
when you need to access user's resource / call the API (e.g.: when uploading files automatically without user's intervention), load the stored refresh token, then call the API like this:
$refresh_token = your_method_to_load_refresh_token($username);
// e.g.:
// $refresh_token = file_get_contents("/home/myusername/refresh_token.txt");
$client->fetchAccessTokenWithRefreshToken($refresh_token);
$client->some_method_to_upload_file($file);
Check whether the access token is expired with below code snippet and handle it. Based on access token you can get the refresh token accordingly or regenerate a new refresh token based on access token. Code borrowed from https://developers.google.com/drive/api/v3/quickstart/php
// If there is no previous token or it's expired.
if ($client->isAccessTokenExpired()) {
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken()) {
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
} else {
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = trim(fgets(STDIN));
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if (array_key_exists('error', $accessToken)) {
throw new Exception(join(', ', $accessToken));
}
}
// Save the token to a file.
if (!file_exists(dirname($tokenPath))) {
mkdir(dirname($tokenPath), 0700, true);
}
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
}
I am trying to use google API to get events off calendars on an account. I am using a service account. I am receiving two errors when I attempt to manually echo the code or it will remain a blank page if I use foreach(...).
Here are the two errors:
Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling GET https://www.googleapis.com/calendar/v3/users/me/calendarList/primary: (404) Not Found' in C:\wamp\www\newOLP\scripts\oAuth2\Google\Http\REST.php on line 110
( ! ) Google_Service_Exception: Error calling GET https://www.googleapis.com/calendar/v3/users/me/calendarList/primary: (404) Not Found in C:\wamp\www\newOLP\scripts\oAuth2\Google\Http\REST.php on line 110
Here is my code:
require_once 'Google/autoload.php';
session_start();
/************************************************
The following 3 values an befound in the setting
for the application you created on Google
Developers console. Developers console.
The Key file should be placed in a location
that is not accessable from the web. outside of
web root.
In order to access your GA account you must
Add the Email address as a user at the
ACCOUNT Level in the GA admin.
************************************************/
$client_id = $jsonDecode['client_id'];
$Email_address = $jsonDecode['client_email'];
$key_file_location = 'privateKey.p12';
$client = new Google_Client();
$client->setApplicationName("CalCon");
$key = file_get_contents($key_file_location);
// separate additional scopes with a comma
$scopes ="https://www.googleapis.com/auth/calendar.readonly";
$cred = new Google_Auth_AssertionCredentials(
$Email_address,
array($scopes),
$key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$service = new Google_Service_Calendar($client);
?>
<html><body>
<?php
$calendarList = $service->calendarList->listCalendarList();
echo $service->calendars->get('primary')->getSummary()."<br />";
echo $service->calendarList->get('primary')->getSummary();
while(true) {
foreach ($calendarList->getItems() as $calendarListEntry) {
echo $calendarListEntry;
echo "hi";
echo $calendarListEntry->getSummary()."<br>\n";
// get events
$events = $service->events->listEvents($calendarListEntry->id);
foreach ($events->getItems() as $event) {
echo "-----".$event->getSummary()."<br>";
}
}
$pageToken = $calendarList->getNextPageToken();
if ($pageToken) {
$optParams = array('pageToken' => $pageToken);
$calendarList = $service->calendarList->listCalendarList($optParams);
} else {
break;
}
}
?>
</body></html>
I am trying to create an app that (using a Drive service account) lists files in a given folder and allows users to search the content of those files. I am getting a 403 Insufficient Permissions error which I cannot explain.
I have edited the code from the Google API PHP Client Example:
$client_id = '[REMOVED]'; //Client ID
$service_account_name = '[REMOVED]'; //Email Address
$key_file_location = 'key.p12'; //key.p12
$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
service = new Google_Service_Drive($client);
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array(
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/drive.file'
),
$key
);
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
$result = array();
$pageToken = NULL;
do {
try {
$parameters = array();
if ($pageToken) {
$parameters['pageToken'] = $pageToken;
}
$files = $service->files->listFiles($parameters);
$result = array_merge($result, $files->getItems());
$pageToken = $files->getNextPageToken();
} catch (Exception $e) {
echo "<br/>An error occurred: " . $e->getMessage();
$pageToken = NULL;
}
} while ($pageToken);
echo "<pre>";
print_r($result);
echo "</pre>";
echo "<br />Execution completed.";
The exact error message ($e->getMessage() in the catch above) is Error calling GET https://www.googleapis.com/drive/v2/files: (403) Insufficient Permission - I thought the /drive and /drive.file scopes gave me all the permissions I needed?
First, a quick note: You are requesting both the Drive scope and the Drive.File scope. The later is a subset of the former, so there is no need to request it. You should remove 'https://www.googleapis.com/auth/drive.file' line.
As to the insufficient permissions, this is possibility due to incorrect Developer Console configuration. You should double check that both the API and SDK are enabled for this particular project.
I had the same issue. I created a new secret in the Google Developer Console and re-authenticated. This fixed the problem.
I have a site where I would like to show all visitors some data from my Google Analytics account (unique page views from separate countries). As far as I'm concerned it is possible to do this with OAuth 2.0 and Google Analytics API. I would like the authentication to be automated, so that whoever comes to my site can view this data, not just me who can log in to my Google Analytics account.
What I've done
Made a project with Google Developers Console.
Changed Analytics API to ON.
Created a service account.
Generated API key for both server- and browser applications (don't know which and where to use exactly).
Downloaded Google APIs Client Library for PHP.
Uploaded the .p12 key that was downloaded when I created a service account, uploaded it to my site and linked to it in google-api-php-client-master/examples/service-account.php.
Declared my service account client id in google-api-php-client-master/examples/service-account.php.
Current code
<?php
/*
* Copyright 2013 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
session_start();
include_once "templates/base.php";
/************************************************
Make an API request authenticated with a service
account.
************************************************/
set_include_path("../src/" . PATH_SEPARATOR . get_include_path());
require_once 'Google/Client.php';
require_once 'Google/Service/Books.php';
/************************************************
ATTENTION: Fill in these values! You can get
them by creating a new Service Account in the
API console. Be sure to store the key file
somewhere you can get to it - though in real
operations you'd want to make sure it wasn't
accessible from the webserver!
The name is the email address value provided
as part of the service account (not your
address!)
Make sure the Books API is enabled on this
account as well, or the call will fail.
************************************************/
$client_id = 'SECRET-NUMBERS.apps.googleusercontent.com';
$service_account_name = '';
$key_file_location = 'SOMENUMBERS-privatekey.p12';
echo pageHeader("Service Account Access");
if ($client_id == 'SECRET-NUMBERS.apps.googleusercontent.com'
|| !strlen($service_account_name)
|| !strlen($key_file_location)) {
echo missingServiceAccountDetailsWarning();
}
$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
$service = new Google_Service_Books($client);
/************************************************
If we have an access token, we can carry on.
Otherwise, we'll get one with the help of an
assertion credential. In other examples the list
of scopes was managed by the Client, but here
we have to list them manually. We also supply
the service account
************************************************/
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array('https://www.googleapis.com/auth/analytics.readonly'),
$key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
/************************************************
We're just going to make the same call as in the
simple query as an example.
************************************************/
$optParams = array('filter' => 'free-ebooks');
$results = $service->volumes->listVolumes('Henry David Thoreau', $optParams);
echo "<h3>Results Of Call:</h3>";
foreach ($results as $item) {
echo $item['volumeInfo']['title'], "<br /> \n";
}
echo pageFooter(__FILE__);
Issues
In google-api-php-client-master/examples/service-account.php there's this piece of code which I don't quite understand:
$service_account_name = '';
what should I declare here?
When I have done all the above and loaded the page google-api-php-client-master/examples/service-account.php on my site, I get these two errors:
Warning: You need to set Client ID, Email address and the location of the Key from the Google API console
Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }'' in /home/texterx1/public_html/google-api-php-client-master/src/Google/Auth/OAuth2.php:327 Stack trace: #0 /home/texterx1/public_html/google-api-php-client-master/src/Google/Auth/OAuth2.php(289): Google_Auth_OAuth2->refreshTokenRequest(Array) #1 /home/texterx1/public_html/google-api-php-client-master/examples/service-account.php(75): Google_Auth_OAuth2->refreshTokenWithAssertion(Object(Google_Auth_AssertionCredentials)) #2 {main} thrown in /home/texterx1/public_html/google-api-php-client-master/src/Google/Auth/OAuth2.php on line 327
What have I done wrong?
Ok the first thing you need to do is grab the Email address on developer console for your app that was created along with the app.
1046123799103-nk421gjc2v8mlr2qnmmqaak04ntb1dbp#developer.gserviceaccount.com
Login to your GA go to the admin section for the account you want the Service account to access. You need to give that email account Access at the account level just give them Read and analyze.
<?php
session_start();
require_once 'Google/Client.php';
require_once 'Google/Service/Analytics.php';
// Values from APIs console for your app
$client_id = 'Client ID';
$service_account_name = 'Email address';
$key_file_location = 'The file you downloaded';
$client = new Google_Client();
$client->setApplicationName("Client_Library_Examples");
if (isset($_SESSION['service_token'])) {
$client->setAccessToken($_SESSION['service_token']);
}
$key = file_get_contents($key_file_location);
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
array('https://www.googleapis.com/auth/analytics.readonly'),
$key
);
$client->setAssertionCredentials($cred);
if($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$_SESSION['service_token'] = $client->getAccessToken();
$service = new Google_Service_Analytics($client);
$accounts = $service->management_accountSummaries->listManagementAccountSummaries();
foreach ($accounts->getItems() as $item) {
echo "Account: ",$item['name'], " " , $item['id'], "<br /> \n";
foreach($item->getWebProperties() as $wp) {
echo ' WebProperty: ' ,$wp['name'], " " , $wp['id'], "<br /> \n";
$views = $wp->getProfiles();
if (!is_null($views)) {
foreach($wp->getProfiles() as $view) {
// echo ' View: ' ,$view['name'], " " , $view['id'], "<br /> \n";
}
}
}
}
I am using the following code to retrieve the list of users associated with my Google apps admin account. It's working fine when using a Google apps admin account but when using other Google apps/Gmail accounts an error appears.
Code:
<?php
require_once 'test_user/src/Google_Client.php';
require_once 'test_user/src/contrib/Google_PlusService.php';
require_once 'test_user/src/contrib/Google_Oauth2Service.php';
require_once 'test_user/src/contrib/Google_DirectoryService.php';
session_start();
$client = new Google_Client();
$client->setApplicationName("ApplicationName");
//*********** Replace with Your API Credentials **************
$client->setClientId('****');
$client->setClientSecret('****');
$client->setRedirectUri('****');
$client->setDeveloperKey('****');
//************************************************************
$client->setScopes(array('https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/admin.directory.user'));
$plus = new Google_PlusService($client);
$oauth2 = new Google_Oauth2Service($client); // Call the OAuth2 class for get email address
$adminService = new Google_DirectoryService($client); // Call directory API
error_reporting(E_ALL);
ini_set('display_errors', 1);
error_reporting(E_ALL ^ E_NOTICE);
if (isset($_REQUEST['logout'])) {
unset($_SESSION['access_token']);
}
if (isset($_GET['code'])) {
$client->authenticate();
$_SESSION['access_token'] = $client->getAccessToken();
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}
if (isset($_SESSION['access_token'])) {
$client->setAccessToken($_SESSION['access_token']);
}
if ($client->getAccessToken())
{
$user = $oauth2->userinfo->get();
$me = $plus->people->get('me');
$email = filter_var($user['email'], FILTER_SANITIZE_EMAIL); // get the USER EMAIL ADDRESS using OAuth2
$optParams = array('maxResults' => 100);
$activities = $plus->activities->listActivities('me', 'public', $optParams);
$users = $adminService->users->get($email);
//print_r($users);
//$list_users = $adminService->users->listUsers();
$adminOptParams = array('customer' => 'my_customer');
$list_users = $adminService->users->listUsers($adminOptParams);
print '<h2>Response Result:</h2><pre>' . print_r($list_users, true) . '</pre>';
$_SESSION['access_token'] = $client->getAccessToken();
}
else
{
$authUrl = $client->createAuthUrl();
header("location:$authUrl");
}
?>
Error:
Fatal error: Uncaught exception 'Google_ServiceException' with message 'Error calling GET
https://www.googleapis.com/admin/directory/v1/users/william.nelson920#gmail.com?key=AIzaSyBp0yBFCCosu113tbNbw7yAIjIt1ndFFIs: (404) Resource Not
Found: userKey' in /var/www/vhosts/vx44.com/httpdocs/test_user/src/io/Google_REST.php:66 Stack trace: #0
/var/www/vhosts/vx44.com/httpdocs/test_user/src/io/Google_REST.php(36): Google_REST::decodeHttpResponse(Object(Google_HttpRequest)) #1
/var/www/vhosts/vx44.com/httpdocs/test_user/src/service/Google_ServiceResource.php(186): Google_REST::execute(Object(Google_HttpRequest)) #2
/var/www/vhosts/vx44.com/httpdocs/test_user/src/contrib/Google_DirectoryService.php(653): Google_ServiceResource->__call('get', Array) #3
/var/www/vhosts/vx44.com/httpdocs/test_user/test_user.php(54): Google_UsersServiceResource->get('william.nelson9...') #4 {main} thrown in
/var/www/vhosts/vx44.com/httpdocs/test_user/src/io/Google_REST.php on line 66
The Directory API is restricted for Google Apps Admin only. It allows domain administrators to retrieve domain users' information.
You should be able to get user information from your own domain (and your own domain ONLY). In your case, you are trying to get the user information of 'william.nelson920#gmail.com'. Since gmail.com is a consumer Google Apps product, and I don't think you are the administrator of gmail.com? The API is throwing the correct error indicating that this user does not exist in your domain.
Here is more info about the get request from Google documentation
https://developers.google.com/admin-sdk/directory/v1/guides/manage-users#get_user
Hope this helps!