I am trying to create a user using C# and the google-admin-directory_v1-rev24-csharp-1.7.0-beta client libraries however I keep geting an exception:
Google.GoogleApiException was unhandled
HResult=-2146233088
Message=Google.Apis.Requests.RequestError
Not Authorized to access this resource/api [403]
Errors [
Message[Not Authorized to access this resource/api] Location[ - ] Reason[forbidden] Domain[global]
]
Source=Google.Apis
ServiceName=admin
StackTrace:
at Google.Apis.Requests.ClientServiceRequest`1.Execute() in c:\code\google.com\google-api-dotnet-client\default\Tools\Google.Apis.Release\bin\Debug \output\default\Src\GoogleApis\Apis\Requests\ClientServiceRequest.cs:line 102
at ConsoleApplication1.Program.Main(String[] args) in c:\Users\darin.BASEHEX\Documents\Visual Studio 2013\Projects \ConsoleApplication1\ConsoleApplication1\Program.cs:line 55
at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException:
I started by creating a project in the Developers console, under the APIs settings page I turned on the ADMIN SDK, under the Credentials page I created a Service Account and downloaded the p12.key certificate, I filled out the Consent Screen and then I went to the Security page on the Admin Console, selected the Advance tab, selected the Manage third party OAuth Client access, pasted in the Client ID from the Service Account I created and assigned the scope https://www.googleapis.com/auth/admin.directory.user/. The exception is being raised on the line:
User results = service.Users.Insert(newuserbody).Execute();
The complete C# program is below.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography.X509Certificates;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Admin.Directory.directory_v1;
using Google.Apis.Admin.Directory.directory_v1.Data;
using Google.Apis.Services;
namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
String serviceAccountEmail = "A bunch of alpha numerics@developer.gserviceaccount.com";
var certificate = new X509Certificate2(@"key.p12", "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser },
User = "admin@mydomain.com" <-------- Added ADMIN User to fix
}.FromCertificate(certificate));
// Create the service.
var service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "User Provisioning",
});
User newuserbody = new User();
UserName newusername = new UserName();
newuserbody.PrimaryEmail = "bbacon@mydomain.com";
newusername.GivenName = "Bob";
newusername.FamilyName = "Bacon";
newuserbody.Name = newusername;
newuserbody.Password = "iambacon";
User results = service.Users.Insert(newuserbody).Execute();
Console.WriteLine("Press any key to continue!");
Console.ReadKey();
}
}
}
I feel like it is something really simple I am missing however I have run out of any ideas on what to look at. Any help would be greatly appreciated!