Getting a 403 - Forbidden for Google Service Account

Sayali picture Sayali · Dec 4, 2013 · Viewed 23.9k times · Source

I am trying to get an access token for Google Service Account. Following is my code -

String SERVICE_ACCOUNT_EMAIL = "[email protected]";
List scope = new ArrayList();
scope.add("https://www.googleapis.com/auth/admin.directory.user");
String keyFile = "C:\\edited-privatekey.p12";
HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
JsonFactory JSON_FACTORY = new JacksonFactory();
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(scope)
.setServiceAccountPrivateKeyFromP12File(new java.io.File(keyFile))
.build();

credential.refreshToken();
String accessTokens = credential.getAccessToken();

Although the code works fine and I do get an access token, when I try to use it to 'GET' a Google Apps User using the Google Directory APIs, I get a 403 - Forbidden response code. Could someone please help?
I know the code for GET user is correct because it works fine with the access token generated by Google Apps Admin.

Answer

qtxo picture qtxo · Dec 4, 2013

You need to set an admin account with:

.setServiceAccountUser(some_admin_email)

And make sure your App (with the correct scopes) is granted access in the cpanel.