Error with google api service account

Question

I am trying access google api for my domain by using service account. This is my tutorial https://developers.google.com/accounts/docs/OAuth2ServiceAccount

The first: I access "console.developers.google.com" and create new project. I added calendar API to my project. After that I create credential OAuth "service account". I use this key and create and access_token with role "https://www.googleapis.com/auth/calendar". I got access_token successful.

The second, I access "admin.google.com" and go to manage API client access. I added my client ID with role "https://www.googleapis.com/auth/calendar"

But when I use this access to access GET request https://www.googleapis.com/calendar/v3/calendars/[CalendarID]?access_token=???

I always get message

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "notFound",
    "message": "Not Found"
   }
  ],
  "code": 404,
  "message": "Not Found"
 }
}

Seem maybe my access_token can't access to my domain. This is my source code to create access_token.

$private_key = openssl_pkey_get_private('file://key.pem', 'notasecret');

$header = array("alg" => "RS256", "typ" => "JWT");
$header = base64_encode(utf8_encode(json_encode($header)));
$exp = time() + (60 * 60); 


$jwt_cs = array(
   "iss" => "ClientEmail@MyApp",
   "scope" => "https://www.googleapis.com/auth/calendar",
   "aud" => "https://www.googleapis.com/oauth2/v3/token",
   "exp" => $exp,
   "iat" => time(),
   "access_type" => "offline"
);
$jwt_cs = base64_encode(utf8_encode(json_encode($jwt_cs)));

openssl_sign($header.'.'.$jwt_cs, $sign, $private_key, 'sha256WithRSAEncryption');

$sign = base64_encode($sign);

$jwt = $header.'.'.$jwt_cs.'.'.$sign;
$login_data = array(
    'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    'assertion' => $jwt
);
$url='https://www.googleapis.com/oauth2/v3/token';

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($login_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$res = curl_exec($ch);
curl_close($ch);

Can you show me my wrong?

you need to give the service account access to the domain. I don't have access to a domain account so I cant help you test this. But you "should" be able to take the service accounts email address and add it like you would any other user. This "should" give it access. — Linda Lawton - DaImTo, Feb 26 '15 at 12:20
also try https://www.googleapis.com/calendar/v3/users/me/calendarList?key={AccessToken} instead if your calendar id is wrong that could cause the error as well. (yes I said Key not Access_token don't ask.) — Linda Lawton - DaImTo, Feb 26 '15 at 12:22
I think I did it in https://admin.google.com/AdminHome?chromeless=1#OGX:ManageOauthClients. I added my client ID to "Authorized API clients" and "https://www.googleapis.com/auth/calendar " to One or More API Scopes — hoangvu68, Feb 26 '15 at 12:24
https://github.com/google/google-api-php-client <--- Client library :) — Linda Lawton - DaImTo, Feb 26 '15 at 12:25
My calendar id is not wrong. I tested it in this page https://developers.google.com/oauthplayground/ — hoangvu68, Feb 26 '15 at 12:25
I am using this tutorial https://developers.google.com/accounts/docs/OAuth2ServiceAccount — hoangvu68, Feb 26 '15 at 12:26
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/71771/discussion-between-hoangvu68-and-daimto). — hoangvu68, Feb 26 '15 at 12:26

Error with google api service account

0 Answers0