Not able to watch Admin Users Directory using `google-admin-sdk`

醉梦人生 2020-12-20 10:24

I am trying to connect to the G-Suite's User directory using the google-admin-sdk. I am using an API Key for authorization and I am not able to reach a successful execution.

1 answer
  • 2020-12-20 11:03

    As you can see in the official documentation, every request sent "to the Directory API must include an authorization token". In order to authorize your request, you have to use OAuth 2.0.

    You are providing an API key instead, which is not appropriate for this process. API keys are usually used for accessing public data, not users' private data as in your current situation.

    You should follow the steps provided in the Node.js Quickstart instead:

    • First, obtain client credentials from the Google API Console.
    • Second, authorize the client: obtain an access token after setting the user credentials and the appropriate scopes (a process accomplished in functions authorize and getNewToken in the Quickstart).
    • Finally, once the client is authorized, call the API (function listUsers).

    Update:

    If you want to use a Service Account for this, you will have to follow these steps:

    • Grant domain-wide delegation to the Service Account by following the steps specified here.
    • In the Cloud console, create a private key for the Service Account and download the corresponding JSON file. Copy it to your directory.
    • Use the Service Account to impersonate a user who has access to this resource (an Admin account). This is achieved by indicating the user's email address when creating the JWT auth client, as indicated in the sample below.

    The code could be something along the following lines:

    const {google} = require('googleapis');
    const key = require('./credentials.json'); // The name of the JSON you downloaded

    // JWT auth client for the Service Account; the last argument is the user to impersonate.
    const jwtClient = new google.auth.JWT(
      key.client_email,
      null,
      key.private_key,
      ['https://www.googleapis.com/auth/admin.directory.user'],
      "admin@domain" // Please change this accordingly
    );

    // Create the Directory service.
    const service = google.admin({version: 'directory_v1', auth: jwtClient});

    service.users.list({
      customer: 'my_customer',
      maxResults: 10,
      orderBy: 'email',
    }, (err, res) => {
      if (err) return console.error('The API returned an error:', err.message);

      // The `users` field may be absent from the response when nothing matches.
      const users = res.data.users || [];
      if (users.length) {
        console.log('Users:');
        users.forEach((user) => {
          console.log(`${user.primaryEmail} (${user.name.fullName})`);
        });
      } else {
        console.log('No users found.');
      }
    });
    

    Reference:

    • Directory API: Authorize Requests
    • Directory API: Node.js Quickstart
    • Delegate domain-wide authority to your service account
    • Google Auth Library for Node.js

    I hope this is of any help.

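What the JWT auth client in the answer above signs when it is given a user to impersonate, shown as an added example that is not part of the original answer or of Google's library code. The key pair is a throwaway generated in-process, the e-mail addresses are constructed, and the read-only scope assumes that listing users is all that is needed.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Build the RS256-signed assertion exchanged at Google's token endpoint
// (grant type urn:ietf:params:oauth:grant-type:jwt-bearer).
function buildDelegationAssertion({clientEmail, privateKey, subject, scopes, now = Date.now()}) {
  const iat = Math.floor(now / 1000);
  const claims = {
    iss: clientEmail,            // the Service Account itself
    sub: subject,                // the admin user being impersonated
    scope: scopes.join(' '),     // space-delimited; must be authorized for delegation
    aud: 'https://oauth2.googleapis.com/token',
    iat,
    exp: iat + 3600,             // one hour is the maximum lifetime
  };
  const input = `${b64url(JSON.stringify({alg: 'RS256', typ: 'JWT'}))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Check the signature and return the claims; throws if the token was altered.
function verifyAndDecode(assertion, publicKey) {
  const [head, body, sig] = assertion.split('.');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`), publicKey,
                           Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('signature check failed');
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Constructed sample values; the key pair is a throwaway generated for this run.
function demo() {
  const {privateKey, publicKey} = crypto.generateKeyPairSync('rsa', {modulusLength: 2048});
  const assertion = buildDelegationAssertion({
    clientEmail: 'directory-reader@example-project.iam.gserviceaccount.com',
    privateKey,
    subject: 'admin@example.com',
    scopes: ['https://www.googleapis.com/auth/admin.directory.user.readonly'],
  });
  return {assertion, publicKey, claims: verifyAndDecode(assertion, publicKey)};
}

console.log(demo().claims);
```

Anyone holding the Service Account's private key can mint this assertion for any user in the domain, limited only by the scopes authorized for delegation. The downloaded JSON file therefore needs the same protection as an admin credential.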