Google Directory API and Admin SDK

0
votes

I face error 403: Not Authorized to access this resource/api when i try to access list the users in from the Directory API. I've followed the steps here: https://developers.google.com/admin-sdk/directory/v1/guides/delegation

  • The domain on google admin console has the same name that the organisation in google API
  • The Admin SDK is enabled
  • the service account is allowed in the API access manager
  • The authentication works and I have a token

Here's the code I use

const google = require('googleapis').google;
const directory = google.admin('directory_v1');

const key = require('./creds.json');
const scopes = [ "https://www.googleapis.com/auth/admin.directory.user", "https://www.googleapis.com/auth/admin.directory.group", "https://www.googleapis.com/auth/admin.directory.orgunit"]

jwtOptions = {
  email: key.client_email,
  key: key.private_key,
  scopes: scopes,
}

const jwtClient = new google.auth.JWT(jwtOptions)

jwtClient.authorize( (err, tokens) => {
  if (err) {
    console.log(err);
    return;
  }

  // Make an authorized request to list Drive files.
  directory.users.list({
    auth: jwtClient,
    domain: 'mydomain.com',
  }, (err, resp) => {
    if (err) {
      console.log('error')
      console.log(err.errors)
    } else {
      console.log('success')
    }
  });
});

What did I have missed?

2
google-apigoogle-admin-sdkgoogle-directory-api

2 Answers

0
votes

after delegation, you must authorize your sevice account: Go to Security > Advanced Settings > Manage API client access then add id of your service account and scopes divided by comma. Wait for 24 hours, then you can use your service account for directory api.

Google has some time delay, just wait.

-1
votes

Finally, we tried to switch to another language (PHP), and the code works. It looks like there's an issue with Google Node SDK, and we've reported it.