SCRT-HQ / PSGSuite

PowerShell module for Google / G Suite API calls wrapped in handy functions. Authentication is established using a service account via P12 key to negate the consent popup and allow for greater hands-off automation capabilities.
https://psgsuite.io/
Apache License 2.0
235 stars 67 forks

Can't authenticate domain as Super Admin #228

Closed Chris4678 closed 5 years ago

Chris4678 commented 5 years ago

I have used this module successfully for 4 Google domains. I have a 5th domain that I am trying to get set up now. All 5 domains have provided me with a super admin account and they are all Google Education domains. Like I said before, I have this module working perfectly for 4 out of 5 domains. When I set up my 5th domain, I go through the exact same process click for click but can't get authenticated. Error: "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested." I have full control of the domain and have redone the setup almost 10 times now. I have contacted Google and made sure every setting needed is enabled. I am at a loss for what to do moving forward.

I decided to try the second authentication method using OAuth instead of a service account. I created a project with all of the APIs enabled like the first step for super admins; however, instead of creating the service account I started following the steps for using a client ID. I get that working; however, it doesn't allow me to use the Admin SDK, which I believe is the API I need to manage user accounts (my end goal). I enabled all of the scopes in the list. I set the consent screen to internal as well, which seemed to fix some warning signs on the page. I still get an error saying: "Insufficient Permission: request had insufficient authentication scopes."

I know this is a long shot, but do you have any advice on how to move forward? I have set this tool up with no issue so many times before and I even re-set up a known good domain to make sure I wasn't missing a step. It worked fine; however, this new one still won't. Is there some hidden setting I might be missing? Is there some way to make OAuth work for Admin SDK? Any advice would be life saving. I already wrote a 1k+ line script for this domain using my testing domain to build it. Now all of that is useless if I can't get authenticated...

scrthq commented 5 years ago

Hey @Chris4678 - occasionally, new project permissions don't propagate immediately, leading to those erroneous errors. As you discovered, going the Client ID route is intended for non-admins or free Gmail users, so the Admin SDK isn't available that way.

I have seen it take up to a day for a new account + new project to start working correctly. Given that you've set this up successfully multiple times already, I don't doubt that there was any issue on your end with the configuration, just need to give it a little time before Google propagates the changes.

Chris4678 commented 5 years ago

Alright, I let one project sit overnight to see if that helped, but nothing yet. I will re-set one up and leave it over the weekend. Hopefully something magical happens :/

scrthq commented 5 years ago

Keeping open until we know you're sorted!

Chris4678 commented 5 years ago

Does the module actually connect to Google to generate the config? So after waiting a while, should I just use the config I generated today, or would I want to regenerate the config?

scrthq commented 5 years ago

The config itself (AdminEmail, P12KeyPath, etc.) does not connect to Google at all unless you're running one of the commands that call the Google SDKs. You should just see the config start working after propagation if all was set up as needed.

On Fri, Aug 30, 2019 at 9:41 AM Chris4678 notifications@github.com wrote:

> Does the module actually connect to Google to generate the config? So after waiting a while, should I just use the config I generated today, or would I want to regenerate the config?


-- Thank you for your time, Nate Ferrell (SCRT HQ)

Chris4678 commented 5 years ago

I somehow managed to get a rep from the Google API team on the phone and he spent a long time going over my domain settings. It looks like something with my super admin account is broken. But the thing is, I can set up the project and everything with that "broken" super admin account and then just use a different admin email in the config. Once we did this it started working. Neither I nor the Google tech could figure out what was different about the accounts, but it is working now!

scrthq commented 5 years ago

Awesome news, albeit a bit odd!! Any chance on resolving that particular account that would be useful information to pass along, @Chris4678 ?! Thank you for the update!

Chris4678 commented 5 years ago

I have no idea why that particular account was not working. We didn't end up changing anything about it. I just list a different admin email in the config setup and it worked. The Google rep said the only thing that makes sense is if I was spelling the name wrong somehow... but I copied and pasted it, checking and rechecking, so I don't think that was it. But who knows. If anyone else has the same issue, just have them try putting a different super admin in for the admin email.
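The workaround described in this thread (trying a different super admin as the config's AdminEmail), as an added example that is not part of the original thread or the PSGSuite project's own code: it tests each candidate with one Admin SDK call and records the error text. The config name, key path, addresses and customer ID are placeholders, and it assumes the project, service account and delegation are already set up as in the thread.

```powershell
# Added example: find which super admin account works as AdminEmail.
# Every value below is a placeholder, not taken from the thread.
Import-Module PSGSuite

$base = @{
    ConfigName = 'delegation-test'   # scratch config, so a working config is left untouched
    P12KeyPath = 'C:\keys\service-account.p12'
    AppEmail   = 'svc-account@example-project.iam.gserviceaccount.com'
    CustomerID = 'C0xxxxxxx'
    Domain     = 'example.edu'
    Preference = 'CustomerID'
}

# Super admin accounts to try as the AdminEmail (placeholders).
$candidates = 'admin1@example.edu', 'admin2@example.edu'

$results = foreach ($admin in $candidates) {
    # Writing the config does not contact Google; only the SDK call below does.
    Set-PSGSuiteConfig @base -AdminEmail $admin | Out-Null
    Switch-PSGSuiteConfig -ConfigName $base.ConfigName | Out-Null

    try {
        # An Admin SDK call makes the service account request a token
        # on behalf of $admin, which is where the thread's error surfaces.
        $null = Get-GSUser -User $admin -ErrorAction Stop
        [pscustomobject]@{ AdminEmail = $admin; Works = $true; Error = $null }
    }
    catch {
        # Keep the message, e.g. "Client is unauthorized to retrieve access tokens..."
        [pscustomobject]@{ AdminEmail = $admin; Works = $false; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize -Wrap
```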

scrthq commented 5 years ago

Got it! Thank you for the details!

On Fri, Aug 30, 2019 at 3:40 PM Chris4678 notifications@github.com wrote:

> I have no idea why that particular account was not working. We didn't end up changing anything about it. I just list a different admin email in the config setup and it worked. The Google rep said the only thing that makes sense is if I was spelling the name wrong somehow... but I copied and pasted it, checking and rechecking, so I don't think that was it. But who knows. If anyone else has the same issue, just have them try putting a different super admin in for the admin email.
