GSuite marketplace Listing with Admin SDK + SERVICE ACCOUNT

0
votes

I brought up a GSuite Marketplace Listing with Service account created and Domain Wide Delegation enabled. I want to retrieve the users and orgunits of the customer.

  1. Created a new Google Cloud Project
  2. Enabled 'Admin SDK' in the project
  3. Enabled 'GSuite Marketplace SDK', filled the scopes 'https://www.googleapis.com/auth/admin.directory.orgunit.readonly', 'https://www.googleapis.com/auth/admin.directory.user.readonly' and published the listing.
  4. Enabled the 'Enable API Access' in the Admin Console of the customer.
  5. The customer installed the app but I saw that the client_id of the SA was not added under the "Authorized API clients" section. When I try to retrieve the list of users in GSuite, I get the below error.

"unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested"

Am I missing something in the marketplace listing ?

1
google-appsgoogle-admin-sdkservice-accountsgoogle-apps-marketplacegoogle-workspace
Also "G Suite Marketplace Integration Client" got created automatically under Credentials. But Service Account credentials still exist. Why did the listing app not install Admin SDK scopes under 'Authorized API Clients' ?Shilpa Yellapragada

1 Answers

0
votes

Why do you expect the SA's Oauth client to automatically appear under 'Authorized API Clients'? The instructions for setting up whitelisted Oauth clients for the domain mention you have to do it manually.