Iam trying to create meeting spaces using service accounts, but i get "Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)" although i followed the same documentation from google, except i tried using service account. Is there anything iam missing ?
I also added domain wide deligation scopes with the created service account client id.
The following is the code i tried in nodejs(for trial run im using nodejs, im implementing the actual in .net core). Both produce the same error. "Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)"
SCOPES = ['https://www.googleapis.com/auth/meetings.space.created','https://www.googleapis.com/auth/meetings.space.readonly'];
CREDENTIALS_PATH = "credentials.json";
createMeetSpace(): string {
this.authorize().then(this.createSpace).catch(console.error);
return
}
async authorize() {
let client = new GoogleAuth({
scopes: this.SCOPES,
keyFile: this.CREDENTIALS_PATH,
});
return client;
}
async createSpace(authClient) {
const meetClient = new SpacesServiceClient({
authClient: authClient
});
// Construct request
const request = {
};
// Run request
const response = await meetClient.createSpace(request);
console.log(`Meet URL: ${response[0].meetingUri}`);
}
Since nobody answered, i guess ill answer my own question. The solution is to add a delegate email subject for impersonating. In node js i followed this solution.
import { SpacesServiceClient, protos } from '@google-apps/meet';
import { Injectable } from '@nestjs/common';
import { GoogleAuth } from 'google-auth-library/build/src/auth/googleauth';
import { JWT } from 'google-auth-library/build/src/auth/jwtclient';
@Injectable()
export class AppService {
SCOPES = [
'https://www.googleapis.com/auth/meetings.space.created',
'https://www.googleapis.com/auth/meetings.space.readonly'
];
createMeetSpace(): string {
this.authorize().then(this.createSpace).catch(console.error);
return
}
async authorize() {
const saclient = new JWT(
"serviceaccountemail@xyz.iam.gserviceaccount.com",
null,
"-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n",
this.SCOPES,
'yourimpersonatingemail@domain.com' // this email should be part of your workspace account
);
return saclient;
}
async createSpace(authClient) {
const meetClient = new SpacesServiceClient({
authClient: authClient
});
// Construct request
const request = {
space: {
config :{
accessType:1 // for open access to meeting link
}
}
}
// Run request
const response = await meetClient.createSpace(request);
meetClient.descriptors
console.log(`Meet URL: ${response[0].meetingUri}`);
}