Google Calendar API Service Account Error 401 Invalid credential

1
votes

I'm trying to create a Google Calendar Service Account.

Here are my credentials:

enter image description here

Here's my service account definition (Site Wide delegation for service account is enabled):

enter image description here

Here's my "Manage API client access" page:

enter image description here

And this is my code:

        string userName = "[email protected]";
        string[] Scopes = { CalendarService.Scope.Calendar, CalendarService.Scope.CalendarEvents };
        string ApplicationName = "Client per quickstart";
        ServiceAccountCredential credential = GoogleCredential.FromFile(@"path\credentialjson.json").CreateScoped(Scopes).CreateWithUser(userName).UnderlyingCredential as ServiceAccountCredential;

        // Create Google Calendar API service.
        var service = new CalendarService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = ApplicationName
        });
        // THIS REQUEST FAILS!!  
        var y = service.CalendarList.List().Execute();

The service is created correctly but all requests fail with this error:

Code: 401, Message: "Invalid Credentials", Location: "Authorization", >LocationType: "header", Reason: "authError", Domain: "global"

I don't understand what I'm missing in the authorization header.

What should I set before the request that was not done when creating the service? Thanks!

2
c#google-apigoogle-calendar-apigoogle-api-dotnet-clientservice-accounts
To understand better. Do you want to use Domain-wide delegation? Also, keep in mind when setting the scopes in the "Manage API client access" can take up to 24 hours and make sure your code is getting the service account file with its credentialsalberto vielma
Yes I do. I set scopes in the "Manage API client access" one week ago...pmala84

2 Answers

1
votes

Your issue is due to the Scopes you are using at the same time, because you are setting CalendarService.Scope.CalendarEvents, this one will be the priority over CalendarService.Scope.Calendar, because the Google APIs always take as priority the most restricted Scope (in this case CalendarEvents).

And as you can see in the CalendarList: list endpoint scopes, the CalendarService.Scope.CalendarEvents is not a Scope you could use to hit the endpoint you wanted to hit.

So, in your code you can delete the extra Scope and leave it like this:

string[] Scopes = { CalendarService.Scope.Calendar };
0
votes

Do you see the text over the top of your credentials

OAuth 2.0 Client IDs

Go to google developer console click + create credentials pick service account from the drop down. You need to ensure that you have downloaded the key fine for the Service account and not for the Oauth2 client. The message you are seeing states that you have the wrong client type. Try and download the service account key file again.

example of service account credentials

enter image description here

You have created oauth2 credentials not service account creditnals.

GoogleCredential credential;
                    using (var stream = new FileStream(serviceAccountCredentialFilePath, FileMode.Open, FileAccess.Read))
                    {
                        credential = GoogleCredential.FromStream(stream)
                             .CreateScoped(scopes);
                    }

                    // Create the  Analytics service.
                    return new CalendarService(new BaseClientService.Initializer()
                    {
                        HttpClientInitializer = credential,
                        ApplicationName = "Calendar Service account Authentication Sample",
                    });