0

I have a service account created and given DwD with necessary scopes.

https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/cloud-platform.read-only
https://www.googleapis.com/auth/cloudplatformprojects.read-only
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/apps.groups.settings

I am trying to access Google API services of CloudResourceManager API , IAM API and Admin SDK API(through admin impersonation), in the same Python program. I am getting an Unauthorized_Client error when I use Admin service.

('unauthorized_client: Client is unauthorized to retrieve access tokens using this 
method.', u'{"error" : "unauthorized_client", "error_description" : "Client is 
unauthorized to retrieve access tokens using this method."}')

However, If I use only Admin API without other APIs, it works strangely. Is it something to do with the scopes overlap? Thanks in Advance.

@DalmTo Tried in these two ways for authentication 1)

from google.oauth2 import service_account
credentials = Service_account.Credentials.from_service_account_file("keys.json", scopes=scopes)

from oauth2client.service_account import ServiceAccountCredentials
credentials = ServiceAccountCredentials.from_json_keyfile_name("Keys.json", scopes=scopes)
pras123
  • 63
  • 8
  • Does [this](https://developers.google.com/identity/protocols/oauth2/service-account#error-codes) help? – Atef Hares Feb 24 '22 at 13:01
  • please edit your question and include your authorization code. – Linda Lawton - DaImTo Feb 24 '22 at 14:54
  • Have you checked on the error mentioned on the first comment? Also, have you tried using the script but only for one API at the time to check if the credentials and scopes are good for all of them? – Kessy Feb 24 '22 at 15:12
  • Thanks for the replies. As per atef H , The Service Acccount ID in the DwD of Admin console has been changed to Numeric instead of name. However, I still get the same error. Problem appears to be how the Google API internally handles the OAuth and JWT tokens refresh. May be due to a stale token? Scopes and credentials are fine and the programs run individually with respective APIs with their scopes. – pras123 Feb 25 '22 at 06:43
  • @DalmTo edited the question with more details. Thanks. – pras123 Feb 25 '22 at 07:04
  • What do you mean by `Problem appears to be how the Google API internally handles the OAuth and JWT tokens refresh`? If possible share the full code you are using. – Kessy Mar 03 '22 at 10:16
  • Long time no see. Sorry. I left that org I was working and went on a vacation. I totally forgot the context. Appreciate your interest in this question. I will be back . – pras123 Feb 09 '23 at 17:41

0 Answers0