Error: Service accounts cannot invite attendees without Domain-Wide Delegation of Authority

3
votes

im using JWT token as authentication of a service account im getting the above mentioned error if i add attendees in the event, im developing this as a service so can i solve this without using an oauth2 authorization ?

  const scopes = ['https://www.googleapis.com/auth/calendar', 'https://www.googleapis.com/auth/gmail.send']
    const calendar = google.calendar({ version: "v3" });

    let rawdata = fs.readFileSync('googleCalendar\\calendarcred.json');
    let CREDENTIALS = JSON.parse(rawdata);
    let auth = new google.auth.JWT(
        CREDENTIALS.client_email,
        null,
        CREDENTIALS.private_key,
        scopes
    );
1
node.jsgoogle-apigoogle-oauthgoogle-calendar-apiservice-accounts

1 Answers

2
votes

In order to use a service account with Google calendar you need to set up Perform Google Workspace Domain-Wide Delegation of Authority to your gsuite account.

Once the workspace (Gsutie) admin has authorized the service account you will be able to run impersonation. Just remember to set the auth to the user on your domain which you want the service account to impersonate.

import { JWT } from "google-auth-library";

  const auth = (await google.auth.getClient({
    scopes: ["https://www.googleapis.com/auth/admin.directory.user"],
  })) as JWT;

  auth.subject = process.env.GOOGLE_ADMIN_EMAIL;

Alternately once the service account has been granted access to the domain i think you can also share the calendar with the service account and this should give it direct access to the calendar without needing to impersonate to a user on the domain. However i don't think it will send notification emails.