go - Google Apps API 403 with Service Account
I've been trying to make a query against Google's Admin API to list users in a Google Apps organization. I have permissions to make the query in the web UI example and get results, but it 403's when I try to make the query with a service account.
```go
package main

import (
	"fmt"
	"io/ioutil"
	"log"

	"golang.org/x/net/context"
	"golang.org/x/oauth2/google"
	directory "google.golang.org/api/admin/directory_v1"
)

// Placeholder values: the original post does not show these definitions.
const (
	serviceAccountFile = "service-account.json"
	publicDataView     = "domain_public"
	domain             = "example.com"
)

func main() {
	serviceAccountJSON, err := ioutil.ReadFile(serviceAccountFile)
	if err != nil {
		log.Fatalf("could not read service account credentials file, %s => {%s}", serviceAccountFile, err)
	}

	// Build a JWT config for the service account with the Directory user scopes.
	config, err := google.JWTConfigFromJSON(serviceAccountJSON,
		directory.AdminDirectoryUserScope,
		directory.AdminDirectoryUserReadonlyScope,
	)
	if err != nil {
		log.Fatalf("could not parse service account credentials => {%s}", err)
	}

	client, err := directory.New(config.Client(context.Background()))
	if err != nil {
		log.Fatalf("could not create directory service client => {%s}", err)
	}

	users, err := client.Users.List().ViewType(publicDataView).Domain(domain).Do()
	if err != nil {
		log.Fatalf("failed query users => {%s}", err)
	}

	for _, u := range users.Users {
		fmt.Println(u.Name.FullName)
	}
}
```
Every time I execute it I get a 403. The same query with the same parameters works in the "Try it!" section here, so I'm not sure why it fails.
Result: `failed query users => {googleapi: Error 403: Not Authorized to access this resource/api, forbidden}`
I know this question is a year old, but I couldn't find the answer anywhere else - I've managed to fix it after running into the same error as you.

Basically you need to set a delegation user on the config, e.g.:
```go
func main() {
	serviceAccountJSON, err := ioutil.ReadFile(serviceAccountFile)
	if err != nil {
		log.Fatalf("could not read service account credentials file, %s => {%s}", serviceAccountFile, err)
	}

	config, err := google.JWTConfigFromJSON(serviceAccountJSON,
		directory.AdminDirectoryUserScope,
		directory.AdminDirectoryUserReadonlyScope,
	)
	if err != nil {
		log.Fatalf("could not parse service account credentials => {%s}", err)
	}

	// add me
	config.Subject = "someone@example.com"

	client, err := directory.New(config.Client(context.Background()))
	if err != nil {
		log.Fatalf("could not create directory service client => {%s}", err)
	}

	users, err := client.Users.List().ViewType(publicDataView).Domain(domain).Do()
	if err != nil {
		log.Fatalf("failed query users => {%s}", err)
	}

	for _, u := range users.Users {
		fmt.Println(u.Name.FullName)
	}
}
```
See https://github.com/golang/oauth2/blob/master/google/example_test.go#L118

Hope this helps someone else!
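
What setting `config.Subject` changes in the signed token request, as an added example that is not part of the original answer or of the oauth2 library: a simplified, standard-library-only version of the service account JWT assertion, built once without and once with a `sub` claim. The service account address, throwaway key and fixed timestamps are constructed for the demo, and the function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// assertion builds an RS256 JWT; subject mirrors config.Subject (empty = no "sub" claim).
func assertion(key *rsa.PrivateKey, issuer, subject, scope string) (string, error) {
	c := map[string]any{"iss": issuer, "scope": scope, "iat": 1700000000, "exp": 1700003600,
		"aud": "https://oauth2.googleapis.com/token"} // fixed times: constructed sample
	if subject != "" {
		c["sub"] = subject // the user the access token will act as
	}
	body, _ := json.Marshal(c) // cannot fail for string and int values
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return input + "." + b64.EncodeToString(sig), err
}

// payloadFor signs with a throwaway key and returns the decoded claims JSON.
func payloadFor(subject string) (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	jwt, err := assertion(key, "svc@example-project.iam.gserviceaccount.com", subject,
		"https://www.googleapis.com/auth/admin.directory.user.readonly")
	if err != nil {
		return "", err
	}
	raw, err := b64.DecodeString(strings.Split(jwt, ".")[1])
	return string(raw), err
}

func main() {
	for _, subject := range []string{"", "someone@example.com"} {
		fmt.Println(payloadFor(subject))
	}
}
```

The first payload carries only the service account as `iss`, which is the situation in the question; the second adds `"sub":"someone@example.com"`, the claim that `config.Subject` supplies.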