Question
I am trying to use the java Directory API to return a list of all the users in an account following the method outlined in the Google Documentation, however I consistently get 403 permission errors.
Using the Java SDK my code looks like this, which 403 fails on the execute:
https://stackoverflow.com/questions/19244525
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDirectory directory = new Directory.Builder(TRANSPORT, JSON_FACTORY, getCredential()).setApplicationName(PRODUCT_FULL_NAME).build();
Directory.Users.List list = directory.users().list();
list.setCustomer("my_customer");
com.google.api.services.admin.directory.model.Users users = list.execute();
In my App Engine API console I have turned the Admin SDK on and I have permissions set to request the following scopes on authorization (in the console and programatically).
https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.user.readonly
I am not using a service account, but authorizing as a "super admin". Through the Admin Console I have enabled API access.
Getting a list using the "try it" form feature provided by Google works. However even if I adapt my code to do a HTTP get rather than using the java Directory API I still get 403 errors.
I am going around and around the houses with this. Does anyone know what I may be doing wrong? Any pointers would be really appreciated.
Solution
Argh I have fallen foul of credential caching!
I had been extending an app to provide this new functionality and testing with a user I had previously logged in as. I was using app engine to persist credentials in the app engine credential store. On method authorization the old cached credentials we being used rather than the freshly authenticated ones.
Flushing the app engine memcache and deleting the credentials from the credential store resolved the issue.
