HttpError 403 : "Not Authorized to access this resource/api"> when trying to add members to a group

Question

Here is my code:

def addUsersToGroup(users,group):#users is a list of emails.
SCOPES1 = 'https://www.googleapis.com/auth/admin.directory.group'
store = file.Storage('token.json')
creds = store.get()
if not creds or creds.invalid:
    flow = client.flow_from_clientsecrets('credentials.json', SCOPES1)
    creds = tools.run_flow(flow, store)
service = build('admin', 'directory_v1', http=creds.authorize(Http()))
groupbody={'email':group}
add_group = service.groups().insert(body=groupbody).execute() #making the group

for user in users:
    emailbody = {'email':user}
    group_add=service.members().insert(groupKey=groupbody, body=emailbody).execute()

When running this I am allowed to create a group but not add members to it. I have enabled domain-wide access the scope https://www.googleapis.com/auth/admin.directory.group for my google admin account.

Here is the errorcode :

raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 403 when requestinghttps://www.googleapis.com/admin/directory/v1/groups/%7B%27email%27%3A%20% 
27alfabetet%40ntnui.no%27%7D/members?alt=json returned "Not Authorized 
to access this resource/api">

Help? :)

Answer 1

Based from this thread, this might be a permissions issue.

Seems that this issue is related to this topic here: Received error "Not Authorized to access this resource/api" when trying to use Google Directory API and Service Account Authentication

You need to pass account email with admin permissions into credentials like this:

credentials = SignedJwtAssertionCredentials('CLIENT_EMAIL', 
    key, scope='https://www.googleapis.com/auth/admin.directory.user', sub='superadmin@domain.com')

This process is now documented at: https://developers.google.com/admin-sdk/directory/v1/guides/delegation