Impersonating user using Google service account fails (JAVA client)

Question

When i try to impersonate a user in Google Apps Domain to authenticate Google Drive API using setServiceAccountUser() i get a response as

com.google.api.client.auth.oauth2.TokenResponseException: 403 OK { "error" : "access_denied", "error_description" : "Requested client not authorized." }

Below is my code :

GoogleCredential credential = new GoogleCredential.Builder()
                            .setTransport(httpTransport)
                            .setJsonFactory(jsonFactory)
                            .setServiceAccountId(SERVICE_ACCOUNT_ID)
                            .setServiceAccountUser("user@domain.com")
                            .setServiceAccountScopes(scope)
                            .setServiceAccountPrivateKey(privateKey)
                            .build(); 
Drive service = new Drive.Builder(httpTransport, jsonFactory,null).setHttpRequestInitializer(credential).setApplicationName(AppName).build();
File body = new File();
body.setTitle("Export");
body.setMimeType("application/vnd.google-apps.spreadsheet");
service.files().insert(body).execute();

Thanks in advance !

Ram Balaji Subbaiyan .

If your application access drive, then the scope should be included. Otherwise it throws this error. You can try checking this link http://stackoverflow.com/questions/27035665/gmail-api-service-accounts-return-403-error — KRR, Jan 03 '15 at 00:25

score 0 · Answer 1 · answered Feb 13 '17 at 11:35

0

The error is thrown because of incorrect service account user

 setServiceAccountUser("user@domain.com")

The user account mentioned here should have the domain level access. Also try enabling domain level delegation for the service account

answered Feb 13 '17 at 11:35

Aarish Ramesh

6,745
15
60
105

Impersonating user using Google service account fails (JAVA client)

1 Answers1