I'm trying to impersonate a super admin account to use the shared contacts API to create new contacts in a directory, after using the gdata client library I couldn't authorize my request even tho I used the same method I used to authorize another API call but for the Directory API instead of the Domain Shared Contacts.
Here is my code:
from googleapiclient.discovery import build
from oauth2client.service_account import ServiceAccountCredentials
import gdata.contacts
import gdata.contacts.data
import gdata.contacts.client
import atom
class TestView(APIView):
SERVICE_ACCOUNT_EMAIL = (
"x-serviceaccount@x.iam.gserviceaccount.com"
)
SERVICE_ACCOUNT_PKCS12_FILE_PATH = "C:\\Users\\Hoda\\Desktop\\xtools\\x\\Backend\\x-x.p12"
def get(self, request, *args, **kwargs):
credentials = ServiceAccountCredentials.from_p12_keyfile(
self.SERVICE_ACCOUNT_EMAIL,
self.SERVICE_ACCOUNT_PKCS12_FILE_PATH,
"notasecret",
scopes=[
'https://www.googleapis.com/auth/admin.directory.user',
'https://www.googleapis.com/auth/admin.directory.user.security',
'https://www.googleapis.com/auth/admin.directory.group',
'https://www.google.com/m8/feeds/contacts/'
],
)
gd_client = gdata.contacts.client.ContactsClient()
credentials = credentials.create_delegated('admin@admin.com')
service = build('admin', 'something', credentials=credentials)
#while using the directory API I wrote directory_v1 instead of
#something and now I have no
#idea what to write and is that even the right way to authorize
#the service account here or not
new_contact = gdata.contacts.data.ContactEntry()
new_contact.name = gdata.data.Name(
given_name=gdata.data.GivenName(text="Mohamed"),
family_name=gdata.data.FamilyName(text="Safi"),
full_name=gdata.data.FullName(text="Mohamed Safi"),
)
new_contact.content = atom.data.Content(text="Notes")
new_contact.email.append(
gdata.data.Email(
address="liz@gmail.com",
primary="true",
rel=gdata.data.WORK_REL,
display_name="E. Bennet",
)
)
new_contact.email.append(
gdata.data.Email(address="liz@example.com", rel=gdata.data.HOME_REL)
)
new_contact.phone_number.append(
gdata.data.PhoneNumber(
text="(206)555-1212", rel=gdata.data.WORK_REL, primary="true"
)
)
new_contact.phone_number.append(
gdata.data.PhoneNumber(text="(206)555-1213", rel=gdata.data.HOME_REL)
)
new_contact.im.append(
gdata.data.Im(
text="liz@gmail.com",
primary="true",
rel=gdata.data.HOME_REL,
protocol=gdata.data.GOOGLE_TALK_PROTOCOL,
)
)
new_contact.structured_postal_address.append(
gdata.data.PostalAddress(
rel=gdata.data.WORK_REL,
primary="true",
street=gdata.data.Street(text="1600 Amphitheatre Pkwy"),
city=gdata.data.City(text="Mountain View"),
region=gdata.data.Region(text="CA"),
postcode=gdata.data.Postcode(text="94043"),
country=gdata.data.Country(text="United States"),)
)
contact_entry = gd_client.create_contact(new_contact)
print("Contact's ID: %s" % contact_entry.id.text)
return Response(contact_entry)
So, now I just want to know how to authorize that service account to write data into my directory.
side note: I have given the service account all the authorization needed in my admin console.
I found out that using the discovery build function is not the right way to call the create_contact() function which is associated with the domain shared contacts API. What I found out is that I can authorize my service account using the gauth module which lies inside the gdata library, you can import it as follows:
import gdata.gauth
after that,
OAuth2TokenFromCredentials class which lies inside the
gauth module to provide a way for you to use OAuth 2.0
credentials obtained for use with google-api-python-client as
credentials in gdata-python-client, you can use it as follows:
auth2token = gdata.gauth.OAuth2TokenFromCredentials(credentials)credentials in the code above refer to the credentials you just created using your service account email and key file.
gd_client = auth2token.authorize(gd_client)then after that, congrats you can use your gdata client to make authorized requests with your service account impersonating any admin at any workspace.