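// GetGoogleAccounts authenticates to the Admin SDK Directory API with the
// credential JSON held in s.GoogleApiToken, looks up the customer identified
// by s.CustomerID, and logs the primary e-mail address of every user listed
// for that customer.
//
// It returns an error if the credentials cannot be parsed, the Directory
// service cannot be built, or either API call fails. The underlying error is
// wrapped with %w so callers can inspect it with errors.As / errors.Is.
//
// NOTE(review): the credentials are built without an impersonation subject,
// so requests are presumably issued as the service account itself rather than
// as a delegated administrator. With domain-wide delegation the token is
// normally minted for an admin user (google.CredentialsParams.Subject or
// jwt.Config.Subject); confirm which identity this call is meant to use.
func (s *Sync) GetGoogleAccounts() error {
	ctx := context.Background()

	// s.GoogleApiToken is a credential document; it must never be logged.
	//
	// NOTE(review): all six scopes are the read-write variants, but this
	// function only reads one customer and lists users. Least privilege would
	// request only the read-only scopes it needs (for example
	// admin.AdminDirectoryUserReadonlyScope and
	// admin.AdminDirectoryCustomerReadonlyScope). The set requested here has
	// to match what is authorized for the service account, so change both
	// together.
	creds, err := google.CredentialsFromJSON(ctx, []byte(s.GoogleApiToken),
		admin.AdminDirectoryUserScope,
		admin.AdminDirectoryGroupScope,
		admin.AdminDirectoryUserschemaScope,
		admin.AdminDirectoryGroupMemberScope,
		admin.AdminDirectoryDomainScope,
		admin.AdminDirectoryCustomerScope,
	)
	if err != nil {
		return fmt.Errorf("Unable to parse client secret file to config: %w", err)
	}
	if creds == nil {
		return fmt.Errorf("Unable to retrieve directory Client")
	}

	service, err := admin.NewService(ctx, option.WithCredentials(creds))
	if err != nil {
		return fmt.Errorf("Unable to retrieve directory Client %w", err)
	}
	if service == nil {
		return fmt.Errorf("Unable to retrieve directory Client")
	}

	cus, err := service.Customers.Get(s.CustomerID).Do()
	if err != nil {
		// Distinct message: this is the customer lookup failing, not client
		// construction, which matters when triaging a 403.
		return fmt.Errorf("Unable to retrieve customer: %w", err)
	}
	s.L.Info().Str("name", cus.Id).Msg("Found customer")

	// Users.List is paginated; walk every page instead of stopping after the
	// first response so that no accounts are silently skipped.
	listCall := service.Users.List().ViewType("domain_public").Customer(s.CustomerID)
	err = listCall.Pages(ctx, func(page *admin.Users) error {
		for _, user := range page.Users {
			s.L.Info().Str("email", user.PrimaryEmail).Msg("Found user")
		}
		return nil
	})
	if err != nil {
		return fmt.Errorf("Unable to retrieve users in domain: %w", err)
	}
	return nil
}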
I don't know what's wrong here; I went through all the troubleshooting steps I could find. What I did:
- Created a new service account under our company domain and gave it admin access
- The user it was created with has access to all domains
- Added the required scopes to the service account under domain-wide delegation
The code returns the following:
2023-08-27 20:37:40 INF Found customer name=**hidden**
2023-08-27 20:37:41 ERR Error getting users error="Unable to retrieve users in domain: googleapi: Error 403: Not Authorized to access this resource/api, forbidden"
It gets the customer ID correctly, but no matter what I do it can't access the user list. What am I missing here?