We are using Google API Ruby client with Domain Wide Delegation to update users' contacts, parse emails to pair them with our DB etc. Before April 1st everything was working just fine, however, since then we get unauthorized_client error response.
Signet::AuthorizationError (Authorization failed. Server message:)
{
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}
What have I already tried?
I have tried updating google-api-ruby-client and googleauth gems to latest version. Nothing changed.
I have also tried (twice) generating new service account, enabling it for DWD and adding the needed scope in G Suite admin console with service account's client ID. I waited for 24 hours after adding scopes in admin console and nothing changed.
Note that everything was working fine in the past with the same settings.
Minimal code for test
Here is the minimal code that throws the error.
require 'googleauth'
require 'google/apis/gmail_v1'
creds = ENV['GOOGLE_SERVICE_ACCOUNT'] # JSON downloaded from cloud console
# is saved in this ENV variable
creds_json = JSON.parse(creds)
creds_json_io = StringIO.new(creds_json.to_json)
auth = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: creds_json_io,
scope: [Google::Apis::GmailV1::AUTH_GMAIL_MODIFY]
)
auth.sub = '[email protected]' # without this line everything works fine
# and I get the access token
auth.fetch_access_token
As far as I can tell we are doing everything according to available documentation. Does anyone have any suggestions, please?
Update
I have also tried creating a new Google Cloud Platform project under the same organization with only Service Account added but everything stays the same.
