google-cloud-platform google-workspace service-accounts google-meet

Google Meet Space creation using meet api and service account Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)


I am trying to create meeting spaces using service accounts, but I get "Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)" although I followed the same documentation from Google, except I tried using a service account. Is there anything I am missing?

I also added domain-wide delegation scopes with the created service account client ID.


The following is the code I tried in Node.js (for the trial run I'm using Node.js; I'm implementing the actual one in .NET Core). Both produce the same error: "Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)"

    import { SpacesServiceClient } from '@google-apps/meet';
    import { GoogleAuth } from 'google-auth-library';

    export class AppService {
      SCOPES = [
        'https://www.googleapis.com/auth/meetings.space.created',
        'https://www.googleapis.com/auth/meetings.space.readonly',
      ];
      CREDENTIALS_PATH = 'credentials.json';

      createMeetSpace(): string {
        this.authorize().then(this.createSpace).catch(console.error);
        return;
      }

      // Authenticates with the service account key file only; no user is impersonated.
      async authorize() {
        const client = new GoogleAuth({
          scopes: this.SCOPES,
          keyFile: this.CREDENTIALS_PATH,
        });
        return client;
      }

      async createSpace(authClient) {
        const meetClient = new SpacesServiceClient({
          authClient: authClient,
        });
        // Construct request
        const request = {};

        // Run request
        const response = await meetClient.createSpace(request);
        console.log(`Meet URL: ${response[0].meetingUri}`);
      }
    }
  


Solution

  • Since nobody answered, I guess I'll answer my own question. The solution is to add a delegate email subject for impersonating. In Node.js I followed this solution.

     import { SpacesServiceClient } from '@google-apps/meet';
     import { Injectable } from '@nestjs/common';
     import { JWT } from 'google-auth-library';

     @Injectable()
     export class AppService {

       SCOPES = [
         'https://www.googleapis.com/auth/meetings.space.created',
         'https://www.googleapis.com/auth/meetings.space.readonly',
       ];

       createMeetSpace(): string {
         this.authorize().then(this.createSpace).catch(console.error);
         return;
       }

       // Service account JWT client with a subject: the Workspace user to impersonate.
       async authorize() {
         const saclient = new JWT(
           'serviceaccountemail@xyz.iam.gserviceaccount.com',
           null,
           '-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n',
           this.SCOPES,
           'yourimpersonatingemail@domain.com', // this email should be part of your workspace account
         );
         return saclient;
       }

       async createSpace(authClient) {
         const meetClient = new SpacesServiceClient({
           authClient: authClient,
         });
         // Construct request
         const request = {
           space: {
             config: {
               accessType: 1, // for open access to meeting link
             },
           },
         };

         // Run request
         const response = await meetClient.createSpace(request);
         console.log(`Meet URL: ${response[0].meetingUri}`);
       }
     }
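
What the impersonation subject changes on the wire, as an added example that is not part of the original answer: it builds the signed JWT assertion a service account presents to Google's OAuth 2.0 token endpoint, once without and once with the `sub` claim. It uses only Node's built-in crypto; the key pair is generated in-process and the email addresses and helper names (`buildAssertion`, `inspectAssertion`) are constructed for illustration.

```javascript
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const b64url = (v) => Buffer.from(v).toString('base64url');

// Build the signed JWT a service account sends to the token endpoint.
// `subject` is optional: without it the resulting token represents the
// service account itself, with it the token represents that Workspace user.
function buildAssertion({ email, privateKey, scopes, subject, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const claims = { iss: email, scope: scopes.join(' '), aud: TOKEN_URL, iat, exp: iat + 3600 };
  if (subject) claims.sub = subject; // domain-wide delegation: act as this user
  const header = { alg: 'RS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Decode the claims and check the signature against the public key.
function inspectAssertion(jwt, publicKey) {
  const [h, c, s] = jwt.split('.');
  const valid = createVerify('RSA-SHA256')
    .update(`${h}.${c}`)
    .verify(publicKey, Buffer.from(s, 'base64url'));
  return { valid, claims: JSON.parse(Buffer.from(c, 'base64url').toString('utf8')) };
}

// Constructed inputs: throwaway key pair and placeholder identities.
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const base = {
  email: 'sa@example-project.iam.gserviceaccount.com',
  privateKey,
  scopes: ['https://www.googleapis.com/auth/meetings.space.created'],
};

const asServiceAccount = inspectAssertion(buildAssertion(base), publicKey);
const asUser = inspectAssertion(
  buildAssertion({ ...base, subject: 'user@example.com' }),
  publicKey,
);

console.log('sub without subject:', asServiceAccount.claims.sub);
console.log('sub with subject:   ', asUser.claims.sub);
```

In a real deployment the private key comes from the service account key file or a secret store rather than being pasted into source, and the scopes authorized for the client ID under domain-wide delegation bound what an impersonating token can do.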