英文:
Google Cloud Console shows Client is unauthorized to retrieve access tokens using this method in python
问题
I saw so many question relating to this GCP issue, none of it helped. I have created service account and added to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.
code is below:
from google.oauth2 import service_account
SCOPES = [
"https://www.googleapis.com/auth/admin.directory.user",
"https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/gmail.insert",
"https://www.googleapis.com/auth/gmail.settings.sharing",
]
SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)
def main():
print("Getting the first 10 users in the domain")
results = (
service.users()
.list(customer="customer_id", maxResults=10, orderBy="email")
.execute()
)
users = results.get("users", [])
print(users)
英文:
I saw so many question relating to this GCP issue, none of it helped. I have created service account and added to "Manage Domain-wide delegation" with scopes. But I still get this error Client is unauthorized to retrieve access tokens using this method or client not authorized for any of the scopes requested.
code is below:
from google.oauth2 import service_account
SCOPES = [
"https://www.googleapis.com/auth/admin.directory.user",
"https://www.googleapis.com/auth/admin.directory.domain.readonly",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/gmail.insert",
"https://www.googleapis.com/auth/gmail.settings.sharing",
]
SERVICE_ACCOUNT_FILE = '/PATH/TO/FILE/credentials.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES, )
delegated_credentials = credentials.with_subject('email')
service = build('admin', 'directory_v1', credentials=delegated_credentials)
def main():
print("Getting the first 10 users in the domain")
results = (
service.users()
.list(customer="customer_id", maxResults=10, orderBy="email")
.execute()
)
users = results.get("users", [])
print(users)
答案1
得分: 1
委托意味着冒充另一个身份。此行代码中身份credentials.with_subject('email')具备什么权限?该身份需要对相关的Google Workspace帐户拥有超级管理员访问权限。此外,用户必须至少登录一次并接受Google Workspace服务条款。
英文:
Delegation means impersonating another identity. What permissions does the identity in this line of code have credentials.with_subject('email')? The identity needs super administrator access to the relevant Google Workspace account.
Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论