google-cloud-platform google-workspace service-accounts google-meet

Google Meet Space creation using meet api and service account Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)

Iam trying to create meeting spaces using service accounts, but i get "Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)" although i followed the same documentation from google, except i tried using service account. Is there anything iam missing ?

I also added domain wide deligation scopes with the created service account client id.

The following is the code i tried in nodejs(for trial run im using nodejs, im implementing the actual in .net core). Both produce the same error. "Error: 7 PERMISSION_DENIED: Permission denied on resource Space (or it might not exist)"

SCOPES = ['https://www.googleapis.com/auth/meetings.space.created','https://www.googleapis.com/auth/meetings.space.readonly'];
 CREDENTIALS_PATH = "credentials.json";

  createMeetSpace(): string {
    this.authorize().then(this.createSpace).catch(console.error);
    return 
  }
 

  async authorize() {
    let client = new  GoogleAuth({
      scopes: this.SCOPES,
      keyFile: this.CREDENTIALS_PATH,  
    }); 
    return client;
  }

  async createSpace(authClient) {
    const meetClient = new SpacesServiceClient({
      authClient: authClient
    });
    // Construct request
    const request = {
    };
  
    // Run request
    const response = await meetClient.createSpace(request);
    console.log(`Meet URL: ${response[0].meetingUri}`);
  }

Solution

Since nobody answered, i guess ill answer my own question. The solution is to add a delegate email subject for impersonating. In node js i followed this solution.

 import { SpacesServiceClient, protos } from '@google-apps/meet';
 import { Injectable } from '@nestjs/common';  
 import { GoogleAuth } from 'google-auth-library/build/src/auth/googleauth';
 import { JWT } from 'google-auth-library/build/src/auth/jwtclient';

 @Injectable()
 export class AppService {

 SCOPES = [
  'https://www.googleapis.com/auth/meetings.space.created',
  'https://www.googleapis.com/auth/meetings.space.readonly' 
 ];

 createMeetSpace(): string {
   this.authorize().then(this.createSpace).catch(console.error);
   return 
 }


 async authorize() {
  const saclient = new JWT(
  "serviceaccountemail@xyz.iam.gserviceaccount.com",
  null,
  "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n",
  this.SCOPES,
   'yourimpersonatingemail@domain.com' // this email should be part of your workspace account
   );
   return saclient;
  }

 async createSpace(authClient) {
   const meetClient = new SpacesServiceClient({
   authClient: authClient
 });
 // Construct request
 const request = {   
   space: {
   config :{ 
    accessType:1 // for open access to meeting link
  }
 }
}

// Run request
 const response = await meetClient.createSpace(request);
 meetClient.descriptors
 console.log(`Meet URL: ${response[0].meetingUri}`);
}