2

I was trying to use the service account of my App to access to all documents of all users in my domain. I was following these instructions: https://developers.google.com/drive/delegation

But it didn't work. Could you please help me out on this??

Here is the problematic line of code

GoogleCredential credential = new GoogleCredential.Builder() .setTransport(TRANSPORT) .setJsonFactory(jsonFactory) .setServiceAccountId("SERVICE_ACCOUNT_EMAIL") .setServiceAccountPrivateKeyFromP12File( new java.io.File("SERVICE_ACCOUNT_PKCS12_FILE_PATH")) .setServiceAccountScopes(scopes) .setServiceAccountUser("abc@xyz.com").build();

It's working fine, but it should give me details for all the user for this domain... Instead it gives me only for one useraccount.. In the "Service" account doc it says it should be able to access all the user's data under this domain.

Scopes are added and APIS are enabled for this account

Patrice
  • 4,641
  • 9
  • 33
  • 43
Prashant Khaire
  • 137
  • 12
  • You need to fix your formatting. – skrrgwasme Oct 07 '14 at 12:41
  • when i run the program for getting document following error comes com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK { "code" : 403, "errors" : [ { "domain" : "global", "message" : "Forbidden", "reason" : "forbidden" } ], "message" : "Forbidden" } – Prashant Khaire Oct 09 '14 at 04:22

1 Answers1

3

I don't think the docs meant that you can have a service account and in one go access all the files in the whole domain, you need to act on behalf of a particular user by using the service account .setServiceAccountUser("abc@xyz.com").

The service account simply saves you the hassle of having to request permission from individual users. The only way I think you can achieve what you want is to retrieve all the users in the Domain using the Directory API in the Admin SDK (see this answer Listing users using Google Admin SDK in Java) then loop through these users creating a new Credential object by setting the service account user e.g. setServiceAccountUser("blah@blah.com").

Then use the Drive SDK to list the files for each user:

https://developers.google.com/drive/v2/reference/files/list

Community
  • 1
  • 1
omerio
  • 1,186
  • 7
  • 16
  • I did this but i am getting empty results of FileList – Prashant Khaire Oct 08 '14 at 04:12
  • when i run the program for getting document following error comes com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK { "code" : 403, "errors" : [ { "domain" : "global", "message" : "Forbidden", "reason" : "forbidden" } ], "message" : "Forbidden" } – Prashant Khaire Oct 08 '14 at 07:32
  • Have you followed all the steps outlined here to perform the domain delegation? https://developers.google.com/drive/web/delegation in particular granting your client id access to the drive scopes in the domain admin console? – omerio Oct 08 '14 at 08:27
  • ya i have followed all steps. i added 4 scopes https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/profile, https://www.googleapis.com/auth/userinfo.profile. but its give me com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK error – Prashant Khaire Oct 08 '14 at 08:38
  • omerio thank you. i solve forbidden exception . i facing another problem com.google.api.client.googleapis.json.GoogleJsonResponseException: 503 OK { "code" : 503, "errors" : [ { "domain" : "global", "message" : "Backend Error", "reason" : "backendError" } ], "message" : "Backend Error" } – Prashant Khaire Oct 09 '14 at 07:32
  • omerio : i want to get primaty and secondary domain from domain which api will i call. i m new on google api. i m working on drive i want check document share in same domain aur outside domain plz give me idea. now i m using permission list and get mail id and then check domain name afetr that decide same domain aur outside doiman – Prashant Khaire Oct 10 '14 at 05:18
  • I believe you can set the domain in question by setting the customer field i.e. directory.users().list().setCustomer("secondaydomain.com").execute(); – omerio Oct 10 '14 at 08:21
  • thanx but i want domain list from domain? can u suggest me which api and what should i do? – Prashant Khaire Oct 10 '14 at 08:52