Not Authorized to access this resource/api while trying to access directory api
I am using node with the googleapis and google-auth-library packages for accessing the users of G-Suite domain. For that, a service account was created with the domain-wide-delegation enabled:
The domain admin gave access to the service account to access the following scopes:
"https://www.googleapis.com/auth/admin.directory.group.readonly",
"https://www.googleapis.com/auth/admin.directory.group.member.readonly",
"https://www.googleapis.com/auth/admin.directory.user.readonly"
My code looks like this:
import { JWT } from "google-auth-library/build/src/auth/jwtclient";
import * as google from "googleapis";
const keys = require("../google-credentials.json");
async function main() {
const client = new JWT(keys.client_email, undefined, keys.private_key, [
"https://www.googleapis.com/auth/admin.directory.group.readonly",
"https://www.googleapis.com/auth/admin.directory.group.member.readonly",
"https://www.googleapis.com/auth/admin.directory.user.readonly"
]);
await client.authorize();
const service = google.admin("directory_v1");
service.users.list(
{
auth: client,
domain: "my_domain.com",
maxResults: 10,
orderBy: "email"
},
function(err, response) {
if (err) {
console.log("The API returned an error: " + err);
return;
}
var users = response.users;
if (users.length == 0) {
console.log("No users in the domain.");
} else {
console.log("Users:");
for (var i = 0; i < users.length; i++) {
var user = users[i];
console.log("%s (%s)", user.primaryEmail, user.name.fullName);
}
}
}
);
}
main().catch(console.error);A JWT client gets initialised with the credentials received for the service account. Whatever, the client gives the following message back: Not Authorized to access this resource/api
Solution
You have to impersonate the service account with an email of a admin of your google domain.
const client = new JWT(
keys.client_email,
undefined,
keys.private_key,
[
"https://www.googleapis.com/auth/admin.directory.group.readonly",
"https://www.googleapis.com/auth/admin.directory.group.member.readonly",
"https://www.googleapis.com/auth/admin.directory.user.readonly"
],
"admin@yourdomain.com"
);
This is mentioned somewhere in the docs in a box, however not really documented anywhere how to implement...
- How to run TypeScript files from command line?
- How to save javascript array as redis list
- Is using `exec` in nodejs to convert word file to pdf via `pandoc` a safe way?
- How can I specify the migrations directory for typeorm CLI?
- how can I add menu button in telegram bot
- Node.js/Windows error: ENOENT, stat 'C:\Users\RT\AppData\Roaming\npm'
- Steps to send a https request to a rest service in Node js
- React app throwing error while i am importing docusign-esign module
- passport.deserializeUser function never getting called
- Getting a list of all countries to using npm countries-list
- Web Component not rendering when loaded from UNPKG CDN?
- Uncaught TypeError: Failed to resolve module specifier "react-router-dom". Relative references must start with either "/", "./", or "../"
- How do you disable Google Chrome SafeBrowsing while using Puppeteer?
- How can we add String Validation Like Enum In Nodejs and Sequelize
- Visual Studio Code Intellisense not working for Javascript
- node.js: gm throws spawn E2BIG error when passed too much data
- BCrypt error Illegal arguments: string, object
- "Error: Cannot find module 'metro-core'" when starting an Expo project
- Backend JavaScript file EmailJS send error
- NodeJS error "EMFILE, too many open files" on Mac OS
- Node.js console.log() not logging anything
- npx create-next-app@latest is giving errors
- Parse csv using "csv-parser" node JS
- Google Cloud Storage get signedUrl from CDN npm
- Does csv-parse allow you to read from file?
- Firefox can't establish a websocket connection while Chrome can
- Using Docker with nodejs with node-gyp dependencies
- npm error E401: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
- Node.js Writing into YAML file
- Restart node upon changing a file