I use the following code in a java web application to try to get all users of a group:
GoogleCredential credential = GoogleCredential.fromStream(Util.class.getResourceAsStream("[credential_file].json")).createScoped(SCOPES);
Directory directory = new Directory.Builder(httpTransport, JSON_FACTORY, credential).build();
Directory.Members dirMem = directory.members();
Members members = dirMem.list("[group_email]").execute();
This results in an exception 403 (Not authorized to access this resource/API) on the last line (dirMem.list
...).
From the documentation (https://developers.google.com/admin-sdk/directory/v1/guides/delegation) and other posts, I saw that the solution to this is to set a service account user with setServiceAccountUser()
.
However, this means that I have to use a p12 file instead of a json file (Google recommends using a json file when you create the key).
Is there any way to get around this issue while still using a json file (it also involves less code).
Thanks.
As suggested by this answer to a related question, including the sub
(subject, I think) to indicate the email address of a delegated admin in your Google Apps account is a necessary step for the API calls to work. That delegated admin will also probably need to be authorized to access/modify the data or endpoints you are calling. Since my experience has been with the PHP client, not Java, I don't know the specifics of how you will provide that email address to the Java classes in use in your example.