Google admin directory add user
I am trying to insert a user account via https://www.googleapis.com/auth/admin.directory.user . I am using the following gem 'google-api-client', '0.11.1'
.
I have enabled the following: 1, api access enabled 2, domain maintenance domain domain domain 3, resolved realm urls for this service account client id
the code works with a different domain, but for a different account it throws an error.
{
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method."
}
code:
SCOPES = ['https://www.googleapis.com/auth/admin.directory.user'
, 'https://www.googleapis.com/auth/admin.directory.group.readonly']
ENV['GOOGLE_APPLICATION_CREDENTIALS'] = 'expa-email-c2938bce41f9.json'
service = Google::Apis::AdminDirectoryV1::DirectoryService.new
authorization = Google::Auth.get_application_default(SCOPES)
authorization.sub = user_email
authorization.fetch_access_token!
service.authorization = authorization
service
source to share
Based on this thread , the service account is a dummy user. For a service account to have access to your account, it must be pre-authorized. You will authorize the service account just like any other user. You can check this sample code .
Additional link:
-
Client is unauthorized to obtain access tokens using this method of Gmail API C #
The service account must be authorized or cannot access emails for the domain.
"Client is not authorized to obtain access tokens using this method"
Means that you did not authorize it correctly, check the Delegation of domain authority in the service account
source to share