Gmail API Set Forwarding with Service Account

0
votes

Can anyone help as I'm getting bad request failed precondition errors when calling Gmail API to set forward address? Below is a C# .Net console app I'm trying do this with. I have delegated Domain Wide Authority to the Service Account.

Error:

Google.Apis.Requests.RequestError Bad Request [400] Errors [ Message[Bad Request] Location[ - ] Reason[failedPrecondition] Domain[global] ]

I think I was missing the User to impersonate. So, I added the user and now I get the following error.

Error:

Error:"unauthorized_client", Description:"Client is unauthorized to retrieve access tokens using this method.", Uri:""

namespace GmailForwarder
{
    class Program
    {

        static string ApplicationName = "GmailForwarder";

        static void Main(string[] args)
        {
            ServiceAccountCredential credential;
            string serviceAccount = "[email protected]";
            var certificate = new X509Certificate2(@"key.p12", "notasecret", X509KeyStorageFlags.Exportable);

            try
            {
                // Create credential
                credential = new ServiceAccountCredential(
                          new ServiceAccountCredential.Initializer(serviceAccount)
                          {
                            User = "[email protected]",
                            Scopes = new[] { GmailService.Scope.GmailSettingsSharing  }
                          }.FromCertificate(certificate));

                // Create Gmail API service.
                var service = new GmailService(new BaseClientService.Initializer()
                {
                    HttpClientInitializer = credential,
                    ApplicationName = ApplicationName,
                });

                string user = "[email protected]"; // test gmail account
                string fwdAddr = "[email protected]";

                ForwardingAddress fwdAddress = new ForwardingAddress();
                fwdAddress.ForwardingEmail = fwdAddr;

                var createFwdAddressResult = service.Users.Settings.ForwardingAddresses.Create(fwdAddress,"me").Execute();     

            }
            catch (Exception ex)
            {

            }     
        }
    }
}
2
c#google-apigmail-apigoogle-api-dotnet-clientservice-accounts
can you post the full error message?DaImTo
DalmTo can you help me with this? Is there anything I'm missing, doing wrong ?ACW
make sure that you set up domain wide delegation correctly in gsuite. then you can use a service with the Gmail apiDaImTo
Yea, my system admin and I double checked this and that is set for the service account. Does the owner of the service account (i.e the google admin we created the service account under) needs to have domain wide delegationenabled ?. When I try to run this via the Google API explorer it says the client (i.e. owner of service account does not have delegation enabled). Is that the same error as I get when running the .Net app?ACW
Is there a way test out the service account in another way ? I believe the code is correct but the service account just don't have access, even though I registered it in the G Suite Admin console under API Client AccessACW

2 Answers

0
votes

This worked for me when I used : https://mail.google.com/ and https://www.googleapis.com/auth/gmail.settings.sharing OAuth2 scopes

0
votes

I had this problem too (400 code). I was having two problems:

1) As ACW says, I was missing "https://mail.google.com/" from the list of scopes required, appart from "https://www.googleapis.com/auth/gmail.settings.sharing".

2) I was missing to put the scopes wrapped in quotes ("") in the administration console (when specifying the scopes for the service account).

Hope it helps someone