We are trying to implement OAuth 2.0 for Server to Server Applications. The final motive is to call the Google API to read GSuite users.

Google documentation for OAuth 2.0 for Server to Server Applications: https://developers.google.com/identity/protocols/OAuth2ServiceAccount

API to read list of GSuite Users - https://developers.google.com/admin-sdk/directory/v1/reference/groups/list

As per the documentation, we may use the "Google APIs Client Library" or "HTTP/REST". However, our requirement is to use HTTP/REST.

We have successfully completed the steps below.

  1. Creating a service account.
  2. Delegating domain-wide authority to the service account.
  3. Authorized API call with HTTP/REST.

We are successfully able to get "access token" through POSTMAN after step 3 above.

The Postman request to get the access_token is successful, as below.

HTTP POST request: https://oauth2.googleapis.com/token

Body parameters: 
grant_type:urn:ietf:params:oauth:grant-type:jwt-bearer
assertion:The JWT, including signature. 

Successful response:
{
"access_token": "ya29.c.EmmOB0vXrihl6nkZNr2gS1nKc4LypBlg3I1bZL2BUvPfZ53rs91fSA2TXR25TvtrZb551sdg1WwHnxg5VYWVC-SEveeypZebfwvhdGr9ECXCeuwAmfyV8TDUIN5nsqbZ7IxVyzgkew",
"expires_in": 3600,
"token_type": "Bearer"
}

However, we are getting errors/exceptions while "Calling Google APIs".

Errors while calling the API with the access_token which we got:

1. GET request via Postman: read all GSuite users
https://www.googleapis.com/admin/directory/v1/users/?customer=my_customer
Header:Bearer ya29.c.EmmOB0vXrihl6nkZNr2gS1nKc4LypBlg3I1bZL2BUvPfZ53rs91fSA2TXR25TvtrZb551s dg1WwHnxg5VYWCVC-SEveeypZebfwvhdGr9ECXCeuwAmfyV8TDUIN5nsqbZ7IxVyzgkewfZ0

Error response:
{
 "error": {
    "errors": [
        {
            "domain": "global",
            "reason": "backendError",
            "message": "Service unavailable. Please try again"
        }
    ],
    "code": 503,
    "message": "Service unavailable. Please try again"
 }
}

2. GET request via Postman: read GSuite groups

https://www.googleapis.com/admin/directory/v1/groups/?customer=my_customer
Header : Bearer ya29.c.EmmOB0v-Xrihl6nkZNr2gS1nKc4LypBlg3I1bZL2BUvPfZ53rs91fSA2TXR25TvtrZb551sdg1WwHnxg5VYWCVC-SEveeypZebfwvhdGr9ECXCeuwAmfyV8TDUIN5nsqbZ7IxVyzgkewfZ0

Error response:
{
  "error": {
    "errors": [
        {
            "domain": "global",
            "reason": "notFound",
            "message": "Domain not found."
        }
    ],
    "code": 404,
    "message": "Domain not found."
 }
}
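
Added example, not part of the original question or answer: a pre-flight check of the JWT assertion sent to the token endpoint above, using the claim set Google documents for service accounts (`iss`, `scope`, `aud`, `exp`, `iat`, plus `sub` when the service account acts for a domain user through domain-wide delegation). The service-account address, scope choice and clock value are constructed, and the signature is a placeholder that is never verified.

```python
import base64, json, time

TOKEN_URL = "https://oauth2.googleapis.com/token"  # token endpoint from the post
REQUIRED = ("iss", "scope", "aud", "exp", "iat")

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_assertion(jwt, now=None, delegated=True):
    """List problems in a service-account JWT assertion (decode only, no signature check)."""
    now = int(time.time()) if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = (json.loads(_b64url_decode(p)) for p in parts[:2])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError:
        return ["header or claim set is not a base64url-encoded JSON object"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg must be RS256")
    problems += [f"missing claim: {c}" for c in REQUIRED if c not in claims]
    if "aud" in claims and claims["aud"] != TOKEN_URL:
        problems.append("aud is not the token endpoint")
    if "exp" in claims and "iat" in claims:
        if claims["exp"] - claims["iat"] > 3600:
            problems.append("exp is more than one hour after iat")
        if claims["exp"] <= now:
            problems.append("assertion already expired")
    if delegated and not claims.get("sub"):
        problems.append("no sub claim: token is not issued on behalf of a domain user")
    return problems

def sample_jwt(claims):
    """Constructed sample with a placeholder signature, for the demo only."""
    return ".".join([_b64url_encode({"alg": "RS256", "typ": "JWT"}),
                     _b64url_encode(claims), "c2ln"])

NOW = 1_700_000_000  # constructed fixed clock
BASE = {"iss": "svc@example-project.iam.gserviceaccount.com", "aud": TOKEN_URL,
        "scope": "https://www.googleapis.com/auth/admin.directory.user.readonly",
        "iat": NOW, "exp": NOW + 3600}  # constructed claim set without sub

print(check_assertion(sample_jwt(BASE), now=NOW))
```

Pass `delegated=False` when the token is meant to represent the service account itself rather than a domain user.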

1 Answer

Seems like you don't need to pass the request parameter customer. Try it like this:

https://www.googleapis.com/admin/directory/v1/groups/my_customer

more on this here

and https://www.googleapis.com/admin/directory/v1/users/my_customer

more on this here