0

Summary: I need help getting a service (service account in developers console) to authenticate to be able to create a Mail Monitor (email audit API)

The most relevant/official pages I've read are:

developers.google.com/admin-sdk/email-audit/auth

developers.google.com/identity/protocols/OAuth2 developers.google.com/identity/protocols/OAuth2ServiceAccount

I've read several examples but they are either old (before oauth became mandatory) or for client apps (with user consent).

The code below gets an error 401 (authorization required) because it's missing the code to authenticate in this scenario.

HttpTransport httpTransport = new NetHttpTransport();
JacksonFactory jsonFactory = new JacksonFactory();
GoogleCredential credential = new GoogleCredential.Builder()
  .setTransport(httpTransport)
  .setJsonFactory(jsonFactory)
  .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
  .setServiceAccountScopes(Arrays.asList("https://apps-apis.google.com/a/feeds/compliance/audit/ https://www.googleapis.com/auth/userinfo.email"))
  .setServiceAccountUser(<account user>)
  .setServiceAccountPrivateKeyFromP12File(new java.io.File(<PKCS12_FILE_PATH>))
  .build();

MailMonitor monitor = new MailMonitor();

Calendar beginDate = Calendar.getInstance();
beginDate.set(2009, Calendar.JUNE, 15, 0, 0);
monitor.setBeginDate(beginDate.getTime());
Calendar endDate = Calendar.getInstance();
endDate.set(2009, Calendar.JUNE, 30, 23, 20);
monitor.setEndDate(endDate.getTime());
monitor.setIncomingEmailMonitorLevel("FULL_MESSAGE");
monitor.setOutgoingEmailMonitorLevel("HEADER_ONLY");
monitor.setDraftMonitorLevel("FULL_MESSAGE");
monitor.setChatMonitorLevel("FULL_MESSAGE");
monitor.setDestUserName(<user name>);

AuditService service_audit = new AuditService(<domain>, <app id>);

//WHAT CODE DO I INSERT HERE TO AUTHORIZE THIS SERVICE?
//I've tried : 
//service_audit.setOAuthCredentials(oauthParameters, new OAuthHmacSha1Signer());
//but it requires Consumer Secret, etc which are only relevant for web applications where there is no user consent

GenericEntry entry = service_audit.createMailMonitor(<user id to monitor>, monitor);

I've seen examples for other APIs using method Builder, like:

Reports service = new Reports.Builder(httpTransport, jsonFactory, null)
  .setHttpRequestInitializer(credential).build();

So I've also tried the below but I get a cannot find symbol:

AuditService service = new AuditService.Builder(httpTransport, jsonFactory, null)
  .setHttpRequestInitializer(credential).build();

What am I missing? Can I get some pointers on how to move from here?

many thanks!

Julio Endara
  • 65
  • 1
  • 7

1 Answers1

2

Found the answer... maybe somebody else could benefit from it.

The code missing was 

credential.refreshToken();
service.setOAuth2Credentials(credential);
Julio Endara
  • 65
  • 1
  • 7