I am trying to set up the service account and domain-wide authority. I have successfully created service account and also delegated the domain-wide authority.
I have enabled all required scopes for the service account:
In a code I am able to operate with the our domain users's calendar or mails but not drive.
I am running following code:
public static readonly string[] REQUIRED_PERMISSIONS =
{
CalendarService.Scope.Calendar,
"https://www.google.com/m8/feeds/contacts",
TasksService.Scope.Tasks,
DriveService.Scope.Drive,
DriveService.Scope.DriveAppsReadonly,
DriveService.Scope.DriveFile,
DriveService.Scope.DriveAppdata,
DriveService.Scope.DriveMetadataReadonly,
DriveService.Scope.DriveReadonly,
GmailService.Scope.MailGoogleCom
};
var cred = new ServiceAccountCredential(new ServiceAccountCredential.Initializer("user.iam.gserviceaccount.com")
{
Scopes = REQUIRED_PERMISSIONS,
User = "test@domain"
}.FromPrivateKey(@"privatekey"));
var mailService = new GmailService(new BaseClientService.Initializer()
{
HttpClientInitializer = cred,
ApplicationName = ApplicationName,
});
var result = mailService.Users.GetProfile("me");
var resultFetch = result.Execute();
I get error Google.Apis.Auth.OAuth2.Responses.TokenResponseException: 'Error:"unauthorized_client", Description:"Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.", Uri:""'
I know that I am using GMail request however, that's just for "test connection" later on drive request will be used
When I remove the Drive related scopes all is working - however that's not solution.
I have:
- Domain-wide authority enabled
- I have service account created
- I have Drive API enabled
I have tried also these questions: Access Domain wide Google Drive data with ServiceAccount Actor user Failure of delegation of Google Drive access to a service account