Robbie

Reputation: 29

Can Google API domain-wide delegation service accounts enable gmail push through impersonating a user?

I created a service account on my Google Apps domain with domain-wide delegation enabled, and full gmail and pubsub API scopes enabled on the service account's client ID from my domain's control panel.

I can successfully instantiate a gmail API client and impersonate one of the domain's accounts with:

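    import httplib2
    from googleapiclient import discovery
    from oauth2client.client import SignedJwtAssertionCredentials

    def build_gmail_client(secret):
        # secret: parsed service-account JSON key; sub names the domain user to impersonate
        credentials = SignedJwtAssertionCredentials(secret['client_email'], secret['private_key'], ['https://www.googleapis.com/auth/gmail.modify'], sub='[email protected]')
        http = httplib2.Http()
        credentials.authorize(http)
        return discovery.build('gmail', 'v1', http=http)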

I am attempting to set a push notification webhook on the impersonated user's account with the following. The specified topic name is valid.

    request = {
        'labelIds': ['INBOX'],
        'topicName': 'projects/projectName/topics/topicName'
    }

    gmail.users().watch(userId='me', body=request).execute()

I receive the following error after the call to watch:

    <HttpError 400 when requesting https://www.googleapis.com/gmail/v1/users/me/watch?alt=json returned "Invalid developer ID">

Calls to other gmail API methods (list messages, etc.) are successful.

Are service accounts with domain-wide delegation able to enable gmail push notification webhooks on a domain user's account?

Upvotes: 2

Views: 808

Answers (1)

ndom91

Reputation: 837

I have successfully done this recently with a service account by doing just that ^^. Simply pass the email address of the user instead of 'me' in the pubsub client setup call.

Upvotes: 0
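
One reading of the answer above, as an added example that is not part of the original posts: pass the impersonated user's address as `userId` to `watch` instead of `'me'`. The helper name `enable_inbox_watch`, the domain and topic-format checks, and the `FakeGmail` stand-in are assumptions made here so the code runs offline; with real credentials, pass the client returned by `discovery.build`.

```python
import re

# Pub/Sub topic names have the form projects/<project>/topics/<topic>.
TOPIC_RE = re.compile(r"^projects/[^/\s]+/topics/[^/\s]+$")


def enable_inbox_watch(gmail, user_email, topic_name, allowed_domain,
                       label_ids=("INBOX",)):
    """Register a Gmail push watch for one delegated mailbox.

    gmail is a Gmail API client authorized with sub=user_email. A key with
    domain-wide delegation can impersonate any user in the domain, so the
    mailbox is checked against the expected domain before the call is made.
    """
    local, _, domain = user_email.rpartition("@")
    if not local or domain.lower() != allowed_domain.lower():
        raise ValueError("refusing to watch a mailbox outside %s" % allowed_domain)
    if not TOPIC_RE.match(topic_name):
        raise ValueError("topic must look like projects/<project>/topics/<topic>")
    body = {"labelIds": list(label_ids), "topicName": topic_name}
    # Explicit address instead of 'me', as the answer suggests.
    return gmail.users().watch(userId=user_email, body=body).execute()


class FakeGmail:
    """Constructed stand-in for the Gmail client; records watch() arguments."""

    def __init__(self):
        self.calls = []

    def users(self):
        return self

    def watch(self, **kwargs):
        self.calls.append(kwargs)
        return self

    def execute(self):
        # Constructed response carrying the fields a watch response has.
        return {"historyId": "0", "expiration": "0"}


if __name__ == "__main__":
    client = FakeGmail()
    enable_inbox_watch(client, "user@example.com",
                       "projects/projectName/topics/topicName", "example.com")
    print(client.calls)
```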
