I want my service account to impersonate one of the users in the GSuite. I have
- created a project via GCP
- enabled GMail API in the project
- added a service account to that project
- enabled the
domain-wide delegation
in the service account settings on theGCP
- added an
API Client
withservice account id
in advanced settings via Google Admin panel for theGSuite
While going through docs (java), I saw this
GoogleCredential credential = GoogleCredential.fromStream(new FileInputStream("MyProject-1234.json"))
.createScoped(Collections.singleton(SQLAdminScopes.SQLSERVICE_ADMIN))
.createDelegated("user@example.com");
Here they are specifying which user the service account should impersonate. This code is in java. I need to accomplish the same thing in nodejs.
While going through documentation of nodejs-client
for googleapis
, I found this:
const {google} = require('googleapis');
const auth = new google.auth.GoogleAuth({
keyFile: '/path/to/your-secret-key.json',
scopes: ['https://www.googleapis.com/auth/cloud-platform'],
});
and
const {google} = require('googleapis');
const oauth2Client = new google.auth.OAuth2(
YOUR_CLIENT_ID,
YOUR_CLIENT_SECRET,
YOUR_REDIRECT_URL
);
// set auth as a global default
google.options({
auth: oauth2Client
});
What is the difference between GoogleAuth
and OAuth2
here?
How do I set everything up so that my node.js application can access user@abc.xyz
mail via the service account?
How do I specify the email
I want to access via service account
?