google-apps-script google-api

Calling Cloud Identity API in Google Apps Script with UrlFetchApp


I'm attempting to call the Cloud Identity API to pull out all the Google Workspace settings from the admin console. Eventually I want to pull out specific settings into a Google Sheet, which is why I have the spreadsheet app. When I run the code it keeps coming back with the below error:

{ error: { code: 401, message: 'Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.', status: 'UNAUTHENTICATED', details: [ [Object] ] } }

I've enabled the Cloud Identity API and the Sheets API, I've linked the GCP project to my Apps Script project, I've created a service account and downloaded the JSON key. I've also created an OAuth client ID and keep running into the same issue. I'm using the JSON key copied and pasted in a different code file and I've tried using it to authenticate the API, but it's not working.

I've done research online, but can't find anything that could get this working.

Any idea how to get this working?

function get_settings() {
  const ss = SpreadsheetApp.getActiveSpreadsheet();
  const settingsSheet = ss.getSheetByName("02. Google Workspace Security Settings");

  var url = "https://cloudidentity.googleapis.com/v1beta1/policies";

  // No options are passed, so the request carries no Authorization header.
  var response = UrlFetchApp.fetch(url);
  var json = response.getContentText();
  var data = JSON.parse(json);

  console.log(data);
}

**Configuration.gs**

const cloudidentity_credentials = {
  "type": "service_account",
  "project_id": "security-review-automation",
  "private_key_id": "***********************************",
  "private_key": "-----BEGIN PRIVATE KEY-----\n[private key material removed]\n-----END PRIVATE KEY-----\n",
  "client_email": "cloud-identity-policy-app@security-review-automation.iam.gserviceaccount.com",
  "client_id": "102944771842644545560",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cloud-identity-policy-app%40security-review-automation.iam.gserviceaccount.com",
  "universe_domain": "googleapis.com"
};
const PROJECT_ID = 'security-review-automation';

Solution

  • Authentication Issues on accessing Google Cloud Identity API.

    Your issue is during the fetching part of your project: you are not using any authentication, assuming that it is all the code you have right now. I understand that you are using a Service Account. Unfortunately, at this stage of Apps Script it is not allowed because you cannot load the key in Apps Script. Moreover, there are a variety of ways to do authentication. Since what you are using is Apps Script, I would suggest using the built-in ScriptApp method getOAuthToken(). You can read more here on this link.

    Sample Code:

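    function myFunction() {
      // Placeholder: put your API key here.
      var apikey = "API KEY";
      const params = {
        headers: {
          // OAuth 2 access token for the user running the script.
          "Authorization": "Bearer " + ScriptApp.getOAuthToken()
        }
      };
      var url = "https://cloudidentity.googleapis.com/v1beta1/policies?key=" + apikey;
      var response = UrlFetchApp.fetch(url, params);
      // Log the response body rather than the HTTPResponse object.
      console.log(response.getContentText());
    }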
    

    Please make sure that you follow the setup process for API keys, to make sure you have adequate scopes for your projects. There are also other workarounds for this; you can read Tanaike's article about this as well.

    References:

    ScriptApp (getOAuthToken)
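
The bearer-token call from the answer, extended into an added example (not code from the question or the answer) that follows pagination, turns a non-200 reply such as the 401 above into a readable error without logging the token, and flattens the result into rows for the sheet. The helper names and the response fields `policies`, `nextPageToken`, `policyQuery` and `setting` are assumptions about the Policies API list response; the fetch function is passed in so the logic can also be exercised outside Apps Script.

```javascript
// Added example. In Apps Script, call:
//   const rows = policyRows(fetchAllPolicies(UrlFetchApp.fetch, ScriptApp.getOAuthToken()));
//   settingsSheet.getRange(1, 1, rows.length, rows[0].length).setValues(rows);
const POLICIES_URL = "https://cloudidentity.googleapis.com/v1beta1/policies";

// fetchFn has the UrlFetchApp.fetch(url, params) shape; token is an OAuth 2 access token.
function fetchAllPolicies(fetchFn, token, maxPages = 50) {
  const policies = [];
  let pageToken = "";
  for (let page = 0; page < maxPages; page++) {
    const url = POLICIES_URL + (pageToken ? "?pageToken=" + encodeURIComponent(pageToken) : "");
    const response = fetchFn(url, {
      method: "get",
      headers: { Authorization: "Bearer " + token },
      muteHttpExceptions: true, // inspect the status ourselves instead of throwing
    });
    const status = response.getResponseCode();
    const body = JSON.parse(response.getContentText());
    if (status !== 200) {
      // Surface the API's status string (e.g. UNAUTHENTICATED); never log the token.
      const err = body.error || {};
      throw new Error("Cloud Identity API " + status + " " + (err.status || "") + ": " + (err.message || ""));
    }
    policies.push(...(body.policies || []));
    pageToken = body.nextPageToken || "";
    if (!pageToken) return policies; // last page reached
  }
  throw new Error("Stopped after " + maxPages + " pages; raise maxPages if that is expected");
}

// Flatten policies into a header row plus one row per policy, ready for setValues().
function policyRows(policies) {
  const header = ["name", "settingType", "orgUnit", "group", "value"];
  const rows = policies.map((p) => {
    const q = p.policyQuery || {};
    const s = p.setting || {};
    return [p.name || "", s.type || "", q.orgUnit || "", q.group || "", JSON.stringify(s.value || {})];
  });
  return [header, ...rows];
}
```

The token returned by `ScriptApp.getOAuthToken()` only carries the scopes listed under `oauthScopes` in `appsscript.json`, so that list needs `https://www.googleapis.com/auth/script.external_request` for `UrlFetchApp` and a Cloud Identity policies scope such as `https://www.googleapis.com/auth/cloud-identity.policies.readonly`.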