Receiving Insufficient Permission error from DirectoryService

VaultBoy14 · Apr 29, 2015 · Viewed 12.1k times

I am trying to set up C# code to manage our Google domain.

I am receiving this error whenever I call service.Users.List() or any other method from the DirectoryService API.

    Google.Apis.Requests.RequestError
    Insufficient Permission [403]
    Errors [
        Message[Insufficient Permission] Location[ - ] Reason[insufficientPermissions] Domain[global]
    ]

I followed all the instructions on the OAuth setup. The account I am using is a domain admin.

The client secrets file I am using works fine when I use it with GAM.exe to do the same operations. This is leading me to believe that I am doing something wrong in my code.

Below is my code for querying users. Is there anything I am missing?

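    using System.IO;
    using System.Threading;
    using Google.Apis.Admin.Directory.directory_v1;
    using Google.Apis.Auth.OAuth2;
    using Google.Apis.Services;

    class Program
    {
        static void Main(string[] args)
        {
            var applicationName = "App Project Name";
            var userName = "[email protected]";
            var clientID = "clientIDfromAPIcredentialpageonconsole.developers.google.com";

            UserCredential credential;

            // Load the OAuth client secrets and run the interactive consent flow
            // for the org unit and user scopes.
            using (var stream = new FileStream("C:\\gam\\client_secrets.json", FileMode.Open, FileAccess.Read))
            {
                credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
                    GoogleClientSecrets.Load(stream).Secrets,
                    new[] { DirectoryService.Scope.AdminDirectoryOrgunit, DirectoryService.Scope.AdminDirectoryUser },
                    userName,
                    CancellationToken.None, null).Result;
            }

            // Build the Directory API client with the authorized credential.
            var service = new DirectoryService(new BaseClientService.Initializer()
                {
                    ApplicationName = applicationName,
                    HttpClientInitializer = credential
                });

            // Build and send the users.list request; this is the request that
            // fails with 403 Insufficient Permission in the question.
            var list = service.Users.List();

            var users = list.Execute();
        }
    }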

Answer

peleyal · Apr 29, 2015

2 options:

  1. You didn't include the right Scope. Are you sure that DirectoryService.Scope.AdminDirectoryOrgunit, DirectoryService.Scope.AdminDirectoryUser are enough?
  2. Did you enable the API in the Console? More information is available at: https://developers.google.com/api-client-library/dotnet/get_started#auth. Look for your project in https://console.cloud.google.com/project and make sure that you enabled the Directory Admin API.

Please update this thread if one of these options worked or something else is still missing for you.
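
One way to tell the answer's two options apart, as an added example that is not part of the original question or answer: compare the error's reason string and the scopes the token actually carries against what users.list accepts. `ScopeDiagnosis` and `Diagnose` are hypothetical names; the `accessNotConfigured` reason for a disabled API and the accepted-scope list are assumptions based on Google's API documentation, and the sample inputs are constructed.

```csharp
using System;
using System.Collections.Generic;

static class ScopeDiagnosis
{
    // Scopes assumed to authorize users.list (per the Directory API reference).
    static readonly string[] UsersListScopes =
    {
        "https://www.googleapis.com/auth/admin.directory.user",
        "https://www.googleapis.com/auth/admin.directory.user.readonly",
    };

    // reason: the Reason[...] field of the error (GoogleApiException.Error.Errors[i].Reason).
    // grantedScopes: space-separated scopes on the token (credential.Token.Scope).
    // A token cached from an earlier consent keeps the scopes granted at that time,
    // so this can differ from the scopes passed to AuthorizeAsync.
    public static string Diagnose(string reason, string grantedScopes)
    {
        var granted = new HashSet<string>(
            (grantedScopes ?? "").Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries),
            StringComparer.Ordinal);

        if (reason == "accessNotConfigured")
            return "API not enabled for the project (option 2)";
        if (reason != "insufficientPermissions")
            return "Unrecognised reason: " + reason;
        if (!granted.Overlaps(UsersListScopes))
            return "Token has no users.list scope (option 1); re-consent is needed";
        return "A users.list scope is present; the cause lies elsewhere";
    }

    static void Main()
    {
        // Constructed sample inputs, not values taken from the question.
        const string orgunitOnly = "https://www.googleapis.com/auth/admin.directory.orgunit";
        const string withUser = orgunitOnly + " https://www.googleapis.com/auth/admin.directory.user";

        Console.WriteLine(Diagnose("insufficientPermissions", orgunitOnly));
        Console.WriteLine(Diagnose("insufficientPermissions", withUser));
        Console.WriteLine(Diagnose("accessNotConfigured", withUser));
    }
}
```

For a caller that only lists users, the read-only user scope is the narrower grant to request.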