Open somejavadev opened 4 years ago
The same for me. I created service account with full access. And added all necessary scopes.
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.user.security
and etc.
But can't get any user. Get this error every time Directory API: Not Authorized to access this resource/api
I've solved this problem by setting the serviceAccountUser to my admin email address to impersonate it.
val googleServiceAccountKey =
javaClass.classLoader.getResourceAsStream("google_service_account_key.json")!!
val credential =
GoogleCredential.fromStream(googleServiceAccountKey)
.createScoped(
listOf(
DirectoryScopes.ADMIN_DIRECTORY_USER,
DirectoryScopes.CLOUD_PLATFORM
)
)
FieldUtils.writeDeclaredField(credential, "serviceAccountUser", "ADMIN_EMAIL_ADDRSES", true)
Hi,
I am trying to list users within my gSuite domain from a gke cluster using a service account. I have done the following to test the service account with the
google-api-services-admin-directory
api:Within my Google Cloud Account I have enabled the Admin SDK. I then created a domain-wide service account in the project as described here https://developers.google.com/admin-sdk/directory/v1/guides/delegation, then downloaded the JSON key file and gave it authorization to the following scopes in the Admin Console:
I then setup a very basic Java application to test listing groups:
Test.java
pom.xml
Before running the java file I set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to my json service account file.
When running this no matter whether I am trying to access users or groups I keep getting the following error message from the API:
Stack trace:
I believe this issue might be related to the issue mentioned in the
google-api-nodejs-client
project:https://github.com/googleapis/google-api-nodejs-client/issues/1884
Adding the scope
https://www.googleapis.com/auth/admin.directory.user.security
does not resolve the problem.Regards