Trying to access a google cloud datastore from google apps script with a service account like this. I have got the sample from here I am not sure if the SCOPE is ok or if another scope is needed. Running the function run() gives errors like "Error retrieving token: invalid_scope, https://www.googleapis.com/auth/userinfo.email is not a valid audience string."
// testing Cloud Datastore access via service account
var PRIVATE_KEY = "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----\n";
var CLIENT_EMAIL = "[email protected]";
var USER_EMAIL = "[email protected]";
var CLIENT_ID = "104548139575444821912";
var SCOPE = "https://www.googleapis.com/auth/datastore/v1";
/**
* Authorizes and makes a request to the Cloud Datastore
*/
function run() {
var service = getService();
if (service.hasAccess()) {
var url = SCOPE;
var response = UrlFetchApp.fetch(url, {
headers: {
Authorization: 'Bearer ' + service.getAccessToken()
}
});
var result = JSON.parse(response.getContentText());
Logger.log(JSON.stringify(result, null, 2));
} else {
Logger.log(service.getLastError());
}
}
/**
* Reset the authorization state, so that it can be re-tested.
*/
function reset() {
getService().reset();
}
/**
* Configures the service.
*/
function getService() {
return OAuth2.createService('CloudDatastore:' + USER_EMAIL)
// Set the endpoint URL.
.setTokenUrl('https://accounts.google.com/o/oauth2/token')
// Set the private key and issuer.
.setPrivateKey(PRIVATE_KEY)
.setIssuer(CLIENT_EMAIL)
// .setClientId(CLIENT_ID)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
// .setSubject(USER_EMAIL)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(PropertiesService.getScriptProperties())
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope('https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/datastore/v1');
}