search

abujehad139 / google-api-go-client

Automatically exported from code.google.com/p/google-api-go-client
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

How to set service account user for admin directory #71

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
I'm converting a c# app to go, how do you set the service account user when 
using this library?

I get this error 
Error 403: Not Authorized to access this resource/api, forbidden
when running this code.  If I remove the line from my c# code that sets the 
service account user I get the same error.

  privateKeyPemBytes := []byte(privateKeyPem)
    token := jwt.NewToken(iss, directory.AdminDirectoryUserReadonlyScope, privateKeyPemBytes)
    transport, err := jwt.NewTransport(token);

    if  err == nil {
      service, _ := directory.New(transport.Client())

      listCall := service.Users.Get("k...@....com");
      users, err := listCall.Do();

Thanks

Original issue reported on code.google.com by Ke...@binarysoftwareindy.com on 11 Nov 2014 at 2:11

GoogleCodeExporter commented 9 years ago 
This request probably should have gone to the goauth2 project.  Close this, the 
solution was to add the sub to the token

  token := jwt.NewToken(iss, directory.AdminDirectoryUserReadonlyScope, privateKeyPemBytes)

    token.ClaimSet.Sub = "k@email.com"

Original comment by Ke...@binarysoftwareindy.com on 11 Nov 2014 at 2:37