0
votes

I have a spreadsheet on our company Google Drive that I would like to be read by a service account. I've been stuck on this for some time now but I can't figure out what I'm missing.

For that I created a service account, enabled the domain wide delegation and added the needed scopes ('https://www.googleapis.com/auth/drive' and 'https://www.googleapis.com/auth/spreadsheets.readonly') in the G Suite Admin panel, matching the client id of my service account. I created a key for this service account and save it in a json file (file is key_sa.json).

Despite that, when running the following code, it fails:

SERVICE_ACCOUNT_JSON_FILE_PATH = 'key_sa.json'
SCOPES = ['https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/spreadsheets.readonly']

credentials = ServiceAccountCredentials.from_json_keyfile_name(
        SERVICE_ACCOUNT_JSON_FILE_PATH, scopes=SCOPES)

delegated_credentials = credentials.create_delegated('[email protected]') 
delegated_http = delegated_credentials.authorize(httplib2.Http())
delegated_credentials.refresh(delegated_http)

service = build('sheets', 'v4', http=delegated_http) # credentials=credentials)

The error message I got for the last line is:

oauth2client.client.HttpAccessTokenRefreshError: unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

Any hint as to what I'm missing?

1

1 Answers

0
votes

Try adding the following scopes as mentioned below:

'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/spreadsheets.readonly',
'https://www.googleapis.com/auth/spreadsheets'

These scopes must be added to both in your code and the API permissions in Google Admin Security setting.

...spreadsheets.readonly
...spreadsheets

both the above permissions behave differently and so both need to be added.