TechQA.

Google+ Domains API via service account fails with 403 Forbidden

476 views Asked by At

I have a simple Ruby code that I combined from several examples. It uses Google+ Domain API. I followed all steps to authorize a service account (https://developers.google.com/+/domains/authentication/delegation), but my requests fail with 403 Forbidden:

{"error"=>{"errors"=>[
{"domain"=>"global", "reason"=>"forbidden", "message"=>"Forbidden"}], 
"code"=>403, "message"=>"Forbidden"}}

The same queries work fine if I execute them using Google APIs Explorer console. I think it's related to the service account vs. user account authentication. What did I miss?

The full code is here https://github.com/admitriyev/propellant/blob/master/main.rb

[edited] I added an installed app flow into the same code, and it worked fine (full code is on Gihub above). I still don't know what I missed in the service flow though.

ruby google-api-ruby-client google-domain-api
Original Q&A
1

There are 1 answers

0
Aleksey Dmitriyev On

I figured it out, I was missing the email of the actual domain user on behalf of whom it should be authorized. I also switched to use Google::APIClient::JWTAsserter which is a cleaner abstraction: 

client_asserter = Google::APIClient::JWTAsserter.new(
  config['client_email'],
  PLUS_LOGIN_SCOPE,
  key
)
$client.authorization = client_asserter.authorize(config['user_email'])

My full example is here: https://github.com/admitriyev/propellant/blob/master/main.rb

Related Questions in RUBY

Related Questions in GOOGLE-API-RUBY-CLIENT

Related Questions in GOOGLE-DOMAIN-API

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions