google admin directory insert user

Question

I am trying to insert user account through https://www.googleapis.com/auth/admin.directory.user. I am using the following gem 'google-api-client', '0.11.1'.

I have enabled the following, 1, api access enabled 2, service account domain wide delegation done 3, authorized the scope urls for this service account client id

the code works with other domain, but for the other account it throws error.

{
 "error": "unauthorized_client",
 "error_description": "Client is unauthorized to retrieve access tokens using this method."
}

code:

SCOPES = ['https://www.googleapis.com/auth/admin.directory.user'
, 'https://www.googleapis.com/auth/admin.directory.group.readonly']
    ENV['GOOGLE_APPLICATION_CREDENTIALS'] = 'expa-email-c2938bce41f9.json'
 service = Google::Apis::AdminDirectoryV1::DirectoryService.new
  authorization = Google::Auth.get_application_default(SCOPES)
  authorization.sub = user_email
  authorization.fetch_access_token!
  service.authorization = authorization
  service

abielita abielita · Accepted Answer · 2017-05-25T16:44:53

Based from this thread, a service account is a dummy user. For a service account to be able to access your account it needs to be preauthorized. You authorize the service account just like you would any other user. You may check this sample code.

Additional reference:

Client is unauthorized to retrieve access tokens using this method Gmail API C#

The service account needs to be authorized or it cant access the emails for the domain.

"Client is unauthorized to retrieve access tokens using this method"

Means that you have not authorized it properly check Delegating domain-wide authority to the service account

google admin directory insert user

1 Answers