Google Group Settings API enabled for service accounts?

StackOverflow https://stackoverflow.com/questions/13776174

Question

Most of the Google Management APIs seem to have been enabled for Service Accounts. For example, I can retrieve calendars like so:

string scope = Google.Apis.Calendar.v3.CalendarService.Scopes.Calendar.ToString().ToLower();
string scope_url = "https://www.googleapis.com/auth/" + scope;
string client_id = "999...@developer.gserviceaccount.com";
string key_file = @"\path\to\my-privatekey.p12";
string key_pass = "notasecret";

AuthorizationServerDescription desc = GoogleAuthenticationServer.Description;
X509Certificate2 key = new X509Certificate2(key_file, key_pass, X509KeyStorageFlags.Exportable);

AssertionFlowClient client = new AssertionFlowClient(desc, key) { ServiceAccountId = client_id, Scope = scope_url };
OAuth2Authenticator<AssertionFlowClient> auth = new OAuth2Authenticator<AssertionFlowClient>(client, AssertionFlowClient.GetState);

CalendarService service = new CalendarService(auth);
var x = service.Calendars.Get("calendarID@mydomain.com").Fetch();

However, identical code on the GroupssettingsService returns a 503 - Server Not Available. Does that mean service accounts can't be used with that API?

In a possibly related issue, the scope of the Groups Settings Service seems to be apps.groups.settings but if you call

GroupssettingsService.Scopes.AppsGroupsSettings.ToString().ToLower();

...you get appsgroupssettings instead, without the embedded periods.

Is there another method to use service accounts for the GroupssettingsService? Or any information on the correct scope string?

Many thanks.

Was it helpful?

Solution

Why do you need to use a service account for this? You can use regular OAuth 2.0 authorization flows to get an authorization token from a Google Apps super admin user and use that:

https://developers.google.com/accounts/docs/OAuth2InstalledApp

OTHER TIPS

I found this thread, and the most important part of the docs after some time. Posting so others don't waste their time in the future.

Your application must use OAuth 2.0 to authorize requests. No other authorization protocols are supported. If your application uses Google Sign-In, some aspects of authorization are handled for you.

See the "About authorization protocols" section of the docs

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top