I am getting the following error when using a service account + impersonation to retrieve Google calendar entries:
Error:"access_denied", Description:"", Uri:""
I can create events using both user and service account flow (no impersonation). I can retrieve calendars using both user and service account flow (with and without impersonation). I can retrieve calendar events with only user flow.
On a related matter, I noticed that using the oAuth2 user flow the returned events include those that I am not an attendee, so I am unclear if impersonation should filter returned events to only those that I am an attendee.
Here is the service account + impersonation code:
string serviceAccountEmail = "...@developer.gserviceaccount.com";
var certificate = new X509Certificate2(Server.MapPath("~") + @"\bin\key.p12", "notasecret",
X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(new
ServiceAccountCredential.Initializer(serviceAccountEmail)
{ Scopes = new[] { CalendarService.Scope.Calendar }, User="my email here" }.FromCertificate
(certificate));
BaseClientService.Initializer initializer = new BaseClientService.Initializer();
initializer.HttpClientInitializer = credential;
initializer.ApplicationName = "Google Calendar Sample";
service = new CalendarService(initializer);
IList list = service.CalendarList.List().Execute().Items; // throws error
foreach (CalendarListEntry calendar in list)
DisplayFirstCalendarEvents(calendar);
Getting a Calendar directly also throws the same error:
Calendar cal1 = service.Calendars.Get("my personal calendar id").Execute(); //throws same error