Unauthorized when calling Google Admin SDK Directory API

1
votes

I'm having trouble calling Googles new Directory API. I'm getting http forbidden "Not Authorized to access this resource/api" all the time.

I'm using oauth2 and a service account to access the directory api. The oauth ticket is requested for the following scopes:

"https://www.googleapis.com/auth/admin.directory.user" 
"https://www.googleapis.com/auth/admin.directory.group"
"https://www.googleapis.com/auth/admin.directory.orgunit"

The service account is owner of the Api project and the Admin SDK service is enabled. If I don't provide a Principal in the oauth request I get an oauth token but the request to the admin api fails.

If I provide a principal in the request for the oauth ticket the ticket will not be granted even if the principal is an administrator.

Do I have to give the service account additional privilegies to make it work or is there something I have missed. The same service account works fine for the calendar API.

1
google-apigoogle-admin-sdk
Have you added the client ID of the service account under Manage third party OAuth Access? (the step is captured here: developers.google.com/drive/…) - Emily
I am trying to achieve the said. Kindly provide more details on approach. My problem is listed here @Tor Jonsson - yomexzo

1 Answers

1
votes

Have you assigned the ServiceAccountUser when initializing the authentication? I was having the same error before I set it to a domain manager account.

See this one.