Reputation: 81
Creating a ServiceAccountCredential for a user from a Systems account
I use the following code to act on behalf of a user through a System-login (domain-wide authenticated). The only example I found which accomplishes this uses reflection to set the user. I know this isn't the proper way to accomplish this so I was wondering if someone could help me out with an example of how this should be solved
ServiceAccountCredential credential =
GoogleCredential.FromJson(GOOGLE_SYSTEM_USER_AUTH_INFORMATION)
.CreateScoped(Scopes)
.UnderlyingCredential as ServiceAccountCredential;
var userField = typeof(ServiceAccountCredential).GetField("user",
BindingFlags.NonPublic | BindingFlags.Instance);
userField?.SetValue(credential, GOOGLE_CALENDAR_USERNAME); //Act in the guise of the normal user GOOGLE_CALENDAR_USERNAME
service = new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName,
});
Upvotes: 4
Views: 2042
Answers (1)
Reputation: 1503180
The original answer below was brittle due to assuming knowledge of which properties were required. It's significantly simpler now:
var credential = GoogleCredential.FromJson(GOOGLE_SYSTEM_USER_AUTH_INFORMATION)
.CreateScoped(Scopes)
.CreateWithUser(GOOGLE_CALENDAR_USERNAME);
Here's how I'd do it, setting both the scopes and the new user at the same time via the ServiceAccountCredential.Initializer:
ServiceAccountCredential original = (ServiceAccountCredential)
GoogleCredential.FromJson(GOOGLE_SYSTEM_USER_AUTH_INFORMATION).UnderlyingCredential;
var initializer = new ServiceAccountCredential.Initializer(original.Id)
{
User = GOOGLE_CALENDAR_USERNAME,
Key = original.Key,
Scopes = Scopes
};
var credentialForUser = new ServiceAccountCredential(initializer);
Now that gives you a ServiceAccountCredential rather than a GoogleCredential. That's what your current code uses, so it should be okay - but it would be nice if there were a simple way of getting a GoogleCredential for this too. We should make this all simpler - I've filed an issue for that.
Upvotes: 4
Related Questions
- Creating Google Calendar events with a GCP Service Account
- Access Google Calendar API using Service Account Authentication
- How to login to Google API with Service Account in C# - Invalid Credentials
- Google Calendar API Service Account Error 401 Invalid credential
- Google Calendar API: 403 Calendar Usage Limits Exceeded Using Service Account
- Google service account not being authorized for calendar API
- How do I authenticate with the Google v3 api using a Service Account
- Google API Calender v3 Event Insert via Service Account using Asp.Net MVC
- Google Calendar API v3 .NET authentication with Service Account or Web Application ID
- How to access domain users' calendar using service account in .net?