Reputation: 1749
Google service account not being authorized for calendar API
I am trying to connect to all calendars on our G Suite domain through a service account.
I created a new project and enabled the Google Calendar API in the API and services page.
I created a Google service account with:
- A name
- Roles that seem applicable
- Generated json key file
- Enabled G Suite for whole domain
In the Service Account management page I took my ID ([email protected])
I entered the G Suite security module and went to ManageOauthClients page where I input the ID and selected google calendar API (https://www.googleapis.com/auth/calendar)
It identified my ID correctly and added:
1234567890 Calendar (Read-Write) https://www.googleapis.com/auth/calendar
Where 1234567890 is the ID that Google took from my [email protected] input.
Now I added the nuget package for Google and the Calendar API and wrote the following code in a command line application in C#:
var scopes = new[] { CalendarService.Scope.Calendar };
ServiceAccountCredential credential;
using (Stream stream = new FileStream("ToprServiceAccount-xxxxyyyyy.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential = GoogleCredential.FromStream(stream).CreateScoped(scopes).UnderlyingCredential as ServiceAccountCredential;
}
var service = new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential
});
var list = service.CalendarList.Get("[email protected]").Execute();
I made sure that the calendar I asked for exists. It is the one from the account I used to actually perform all above steps.
But I still am getting the 404 error, meaning most likely that I don't have permission to access (my own) calendar.
Could it be role related? I am unsure what role(s) to pick when creating the service account.
Also when just trying to get the list of all calendars, it is an empty list.
Upvotes: 4
Views: 1716
Answers (2)
Reputation: 1749
I found out what went wrong (source here: https://neal.codes/blog/google-calendar-api-on-g-suite/)
In G-Suite -> Apps -> Calendar -> General settings I had to enable the option to share all calendars and outsiders can change calendars
After go into any calendar and share the calendar with the service account email. That would be [email protected] according to my sample in the question.
These two steps are as far as I can find not mentioned in the documentation. Just glad I got it working now!
Upvotes: 1
Reputation: 4460
I would say check that you have used the correct Client ID for your ManageOauthClients section in G Suite. The ID in the service account email should be different to the Client ID that you need to use.
You can confirm that you have the correct Client ID in two ways:
- Go to your generated JSON keyfile. You can get the Client ID by looking at the
client_idkey value pair - In the Cloud Console, go to IAM & admin -> Service Accounts. The last column should be
Options. If you have provisioned Domain Wide Delegation (DwD) for the account, you should be to clickView Client IDwhich should take you to another screen where you can view your Client ID.
Upvotes: 0
Related Questions
- Creating a ServiceAccountCredential for a user from a Systems account
- Access Google Calendar API using Service Account Authentication
- Google Calendar returning invalid grant
- Google Calendar API returns invalid_grant and bad request
- Google Calendar API Service Account Error 401 Invalid credential
- Google Calendar API: 403 Calendar Usage Limits Exceeded Using Service Account
- Cannot get access to Google Calendar API via Service Account
- Unable to authenticate Google Calendar API v3 programmatically?
- Google API OAuth2, Service Account, "error" : "invalid_grant"
- Google Calendar authentication Error