How to change the google API "service account" name/email address

Question

I am using the Google API to create a spreadsheet on google drive.

My app has a link that says 'Download To Google Doc'
The app sends a file to google docs and shares it with the user.
The user can then see it in google docs.

This all works good.

The problem is the identity of the service account sharing the doc. It is a generated id. I want it to be branded to my app.

Is this possible? -

It is this random number. I want it to be branded. Is this possible?

Is your usage of the API associated with a project in a google account? Thence is there anything in common between the id and the project? — John Mee, Apr 29 '15 at 03:35
You cant change that, service account email address is created by Google you are stuck with it. No you also cant supply your own it has to be the generated one by Google. — Linda Lawton - DaImTo, Apr 29 '15 at 07:05
@DaImTo Put that comment as an answer and i'll send you a check! — Byron Whitlock, Apr 29 '15 at 17:35

score 7 · Accepted Answer · answered Apr 30 '15 at 06:23

You can't change the service account email address, nor can you supply a real world user name to it. The service account email address is created by Google in the Google Developer console.

enter image description here

The only way to change the email address would be to delete it and create a new one but again you would be stuck with the one Google Created. I suspect that the client id and email address are a pair used for identification of your application. Similar to client id and client secret, but I cant verify that.

I do see your point it would be nice if we could.

score 2 · Answer 2 · answered Sep 29 '15 at 20:19

Google Service Accounts do allow you to impersonate an existing user account (for some services). I haven't tested it on Google Drive, but I have used it with the Webmaster tools API. The instructions can be found here: https://developers.google.com/identity/protocols/OAuth2ServiceAccount

To sum them up, when creating the service account credentials you can specify the "sub" parameter with "The email address of the user for which the application is requesting delegated access." The account you're requesting access for must exist and have permission to access to the services you're requesting.

In the link above Google provides examples for Java, Python and HTTP/REST, here's the Python example:

credentials = SignedJwtAssertionCredentials(client_email, private_key,
'https://www.googleapis.com/auth/sqlservice.admin',
sub='user@example.org')

I'm using the Ruby google-api-client gem (0.9.pre3) and the ServiceAccountCredentials constructor does not pass the 'sub' parameter to its parent class so it has to be specified in another step:

client = Google::Auth::ServiceAccountCredentials.new(json_key_io: json_key_io, scope: scope)
client.update!(sub: 'user@example.org')
client.fetch_access_token!
service = Google::Apis::WebmastersV3::WebmastersService.new
service.authorization = client

Using this code I can authenticate using my service account and I have access to the sites

I followed this and getting an error: `google.auth.exceptions.RefreshError: ('invalid_grant: Invalid email or User ID', '{\n "error": "invalid_grant",\n "error_description": "Invalid email or User ID"\n}')` — saran3h, Mar 28 '19 at 06:56

How to change the google API "service account" name/email address

2 Answers2