0

I face this error: 403: Not Authorized to access this resource/api when I try to access a list of users from the Directory API. I've followed the steps found here.

  • The domain on google admin console has the same name as the organization in the google API
  • The Admin SDK is enabled
  • The service account is allowed in the API access manager
  • The authentication works and I have a token

Here's the code I use:

const google = require('googleapis').google;
const directory = google.admin('directory_v1');

const key = require('./creds.json');
const scopes = [ "https://www.googleapis.com/auth/admin.directory.user", "https://www.googleapis.com/auth/admin.directory.group", "https://www.googleapis.com/auth/admin.directory.orgunit"]

jwtOptions = {
  email: key.client_email,
  key: key.private_key,
  scopes: scopes,
}

const jwtClient = new google.auth.JWT(jwtOptions)

jwtClient.authorize( (err, tokens) => {
  if (err) {
    console.log(err);
    return;
  }

  // Make an authorized request to list Drive files.
  directory.users.list({
    auth: jwtClient,
    domain: 'mydomain.com',
  }, (err, resp) => {
    if (err) {
      console.log('error')
      console.log(err.errors)
    } else {
      console.log('success')
    }
  });
});

What have I missed?

Chris
  • 1,206
  • 2
  • 15
  • 35
Vincent
  • 483
  • 4
  • 16

2 Answers2

0

After delegation, you must authorize your service account by going to Security > Advanced Settings > Manage API client access, and then adding the id of your service account and scopes divided by commas.

You should wait for 24 hours, then you can use your service account for the directory api, since Google has a time delay in place.

Chris
  • 1,206
  • 2
  • 15
  • 35
Petr Filippov
  • 11
  • 3
-1

Finally, we tried to switch to another language (PHP), and the code works. It looks like there's an issue with Google Node SDK, and we've reported it.

Vincent
  • 483
  • 4
  • 16