Getting a 403 - Forbidden for Google Service Account


Solution 1

You need to set an admin account with:

.setServiceAccountUser(some_admin_email)

And make sure your App (with the correct scopes) is granted access in the cpanel.

Solution 2

Go to https://admin.google.com. Log in and add the Security control from More Controls if it does not exist. Click Security -> Advanced Settings -> Manage ThirdParty OAuth Client Access and check that those scopes are added (comma separated) for your xxxxxxxxxxxxxxxxxx.apps.googleusercontent.com service account id/client id.
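What `.setServiceAccountUser(...)` from Solution 1 and the granted scope list from Solution 2 correspond to in the JWT assertion sent to Google's token endpoint, as an added Python example (not code from the original answers). The token URL, e-mail addresses and function names are assumptions made for illustration, and the assertions are left unsigned.

```python
import base64
import json
import time

TOKEN_URL = "https://oauth2.googleapis.com/token"  # assumed audience value

def build_claims(sa_email, scopes, admin_user=None, now=None):
    """Claim set of the JWT assertion a service account sends for a token."""
    now = int(time.time()) if now is None else now
    claims = {"iss": sa_email, "scope": " ".join(scopes),  # space-delimited
              "aud": TOKEN_URL, "iat": now, "exp": now + 3600}
    if admin_user:  # the value passed to setServiceAccountUser(...)
        claims["sub"] = admin_user
    return claims

def encode_segment(obj):
    """Base64url-encode one JWT segment without padding."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_claims(assertion):
    """Read the payload of header.payload[.signature] without verifying it."""
    payload = assertion.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(assertion, granted_scopes_csv):
    """Return the delegation problems visible from the assertion alone."""
    claims = decode_claims(assertion)
    problems = []
    if not claims.get("sub"):
        problems.append("no 'sub' claim: token represents the service "
                        "account itself, not an admin user")
    granted = {s.strip() for s in granted_scopes_csv.split(",") if s.strip()}
    for scope in claims.get("scope", "").split():
        if scope not in granted:
            problems.append("scope not granted to this client id: " + scope)
    return problems

# Constructed sample values; the signature segment is omitted on purpose.
SCOPE = "https://www.googleapis.com/auth/admin.directory.user"
SA = "sa@example-project.iam.gserviceaccount.com"
HEADER = encode_segment({"alg": "RS256", "typ": "JWT"})
asker = HEADER + "." + encode_segment(build_claims(SA, [SCOPE], now=0))
fixed = HEADER + "." + encode_segment(
    build_claims(SA, [SCOPE], "admin@example.com", now=0))

if __name__ == "__main__":
    print(diagnose(asker, SCOPE))
    print(diagnose(fixed, SCOPE))
```
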

Author: Sayali


Updated on April 24, 2020

Comments

  • Sayali
    Sayali about 4 years

    I am trying to get an access token for Google Service Account. Following is my code -

    // Service account e-mail address.
    String SERVICE_ACCOUNT_EMAIL = "[email protected]";
    // Scope requested for the Directory API user resource.
    List<String> scope = new ArrayList<>();
    scope.add("https://www.googleapis.com/auth/admin.directory.user");
    String keyFile = "C:\\edited-privatekey.p12";
    HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
    JsonFactory JSON_FACTORY = new JacksonFactory();
    GoogleCredential credential = new GoogleCredential.Builder()
            .setTransport(HTTP_TRANSPORT)
            .setJsonFactory(JSON_FACTORY)
            .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
            .setServiceAccountScopes(scope)
            .setServiceAccountPrivateKeyFromP12File(new java.io.File(keyFile))
            .build();

    // Exchange the signed assertion for an access token.
    credential.refreshToken();
    String accessTokens = credential.getAccessToken();
    

    Although the code works fine and I do get an access token, when I try to use it to 'GET' a Google Apps User using the Google Directory APIs, I get a 403 - Forbidden response code. Could someone please help?
    I know the code for GET user is correct because it works fine with the access token generated by Google Apps Admin.