failedPrecondition: Must be a G Suite domain user. Using service account to manage contacts in ruby
I am trying to manage contacts on my google workplace user using service account using ruby script and google api client.
Below is the code
require 'google/apis/people_v1'
require 'googleauth'
require 'byebug'
# Set up authorization
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open('g_suite_service_account.json'),
scope: scopes,
)
# Authorize the client
client = Google::Apis::PeopleV1::PeopleServiceService.new
client.authorization = credentials
# Fetch contacts
response = client.list_person_directory_people(
sources: 'DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT',
read_mask: 'addresses,clientData,emailAddresses,names,phoneNumbers'
)
byebug
puts ''
Here's what I've done,
- Create service account using google workplace cloud console.
- Assign the service account to the google workplace admin as domain wide delegation.
I'm still getting this error
failedPrecondition: Must be a G Suite domain user. (Google::Apis::ClientError)
Can anyone help point out where/what I am missing please. Thank you
Solution
When using Domain wide delegation you'll need to specify which user in the domain the service account will impersonate. In the current version of your code the API call is being made using the service account identity which caused the reported error.
You can specify the user using the .sub method:
# Set up authorization
scopes = ['https://www.googleapis.com/auth/contacts', 'https://www.googleapis.com/auth/directory.readonly']
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open('g_suite_service_account.json'),
scope: scopes,
)
credentials.sub = 'A_DOMAIN_USER@your_domain.com'
By doing this the API call in Google's servers will be performed using the impersonated user's identity.
Google's documentation:
- Server to server Applications - Preparing to make an authorized API call
- How to Make Or Reference a Null Ruby Binding For Eval
- ruby-inotify unexpected tilde ~ added to some reported file names
- Ruby on rails save a specific field in database
- Ruby: How to chain multiple method calls together with "send"
- Benefits of having a discrete new-action?
- no implicit conversion from nil to integer - when trying to add anything to array
- Ruby on Rails Active Record return value when create fails?
- How to uninstall Ruby from /usr/local?
- Ruby bsearch and bsearch_index bug?
- When do you need to pass arguments to `Thread.new`?
- How to classify ActionController::RoutingError as an error in Sentry
- Rails Devise Strong Parameters not building Nested Association
- How do I access class variable?
- How to render HTML with Haml::Engine from Haml 6.3?
- How do I know that a gem is compatible with a version of rails?
- Grover.to_pdf: ReadableStream is not defined
- Regex help, works on rubular not on production? Possible \n issue?
- How do I setup the ruby SDK in IntelliJ IDEA?
- Select ruby method definitions in vim
- Is assignment in a conditional clause good ruby style?
- Unable to run ruby console
- View a rdoc file in a ruby gem
- When to use dump vs. generate vs. to_json and load vs. parse in Ruby's JSON lib?
- Why does SimpleCov generate a coverage report before running tests?
- Ruby: how to uninstall Devise?
- GDBM in Standard Lib missing or is it just me?
- How to use Ruby MiniTest::Spec with Rails for API integration tests?
- Rails / Ruby method / regex to increment numeric part of string?
- How can Sinatra be configured to run within a virtual sub-directory of a reverse proxy?
- How does ruby on rails free database resources and close connections?