Reputation: 1880
Support for Service Accounts OAuth2 scenario
Does Directory API support authentication with OAUth2 Service Accounts flow?
I tested the serviceAccount.php google-php-api-client example using the scopes https://www.googleapis.com/auth/admin.directory.group and https://www.googleapis.com/auth/admin.directory.user and it didn't work.
Upvotes: 4
Views: 881
Answers (2)
Reputation: 13528
You need to authorize the service account client ID to access the given API scopes in the Google Apps Control Panel. See the step as described in the Drive API docs, just sub in your Admin SDK scopes.
Note that IMHO, there's very little advantage to using a Service Account with Directory/Reporting APIs as you still need to impersonate a user who has super admin (or proper delegated admin) roles in order to perform and API calls. To me it makes just as much sense to just get a 3-legged OAuth 2.0 refresh token which supports offline from the admin. 3-legged can be done entirely programmatically where-as Service Accounts require the manual step above.
Upvotes: 1
Related Questions
- Google Admin SDK with service account without impersonation
- Google Admin SDK authentication with service account
- How to apply OAuth2 in "web service" scenario?
- How to authorise a service account to access the Google Admin API
- Using service accounts and oauth2 to call autoML Google API
- GSuite Service Account + OAuth2 for other domains
- Create users using Service Account with Google Admin SDK?
- How to get OAuth2 working with a service account
- How to use Oauth2 service accounts with Google Drive and the App Engine SDK
- Google OAuth2 Service Accounts authorization