发表新帖
发表新帖

Receiving Insufficient Permission error from DirectoryService

前端 未结
关注
4 1436
执笔经年
执笔经年 2021-01-12 08:00

I am trying to setup c# code to manage our Google domain.

I am receiving this error whenever I call service.Users.List() or any other method from the DirectoryServic

相关标签:
4条回答
  • 甜味超标
    2021-01-12 08:28

    Here is my working credentials code:

    using (var stream =
    new FileStream("client_secret.json", FileMode.Open, FileAccess.Read))
    {
        string credPath = System.Environment.GetFolderPath(
            System.Environment.SpecialFolder.Personal);
            credPath = Path.Combine(credPath, ".credentials/calendar-dotnet-quickstart.json");

            UserCredential credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
                GoogleClientSecrets.Load(stream).Secrets,
                new string[] { CalendarService.Scope.Calendar },
                "username@gmail.com",
                CancellationToken.None,
                new FileDataStore(credPath, true)).Result;
            Console.WriteLine("Credential file saved to: " + credPath);
        }

    Make sure to Enable the API in the Console,

    0 讨论(0)
  • 执念已碎
    2021-01-12 08:34

    Scopes

    It appears that you are trying this Quickstart:

    • .NET Quickstart for Directory API

    However, the scope(s) used in that tuturoial are:

    new [] { DirectoryService.Scope.AdminDirectoryUserReadonly };

    However, in the code your posted code you have:

    new[] { DirectoryService.Scope.AdminDirectoryOrgunit, DirectoryService.Scope.AdminDirectoryUser },

    Tokens

    After you change your scopes (shown above), you may have to delete your OAuth2 token, and then re-authorize access for your application. (Unless you haven't done the "authorize access" step yet.)

    \token.json\Google.Apis.Auth.OAuth2.Responses.TokenResponse-user

    Enable APIs

    Also, as I think you already discovered, enabling the Directory API is different process than enabling the Gmail API (and found at different URLs)

    Enable Directory API

    Enable Gmail API

    0 讨论(0)
  • 长情又很酷
    2021-01-12 08:42

    2 options:

    1. You didn't include the right Scope. Are you sure that DirectoryService.Scope.AdminDirectoryOrgunit, DirectoryService.Scope.AdminDirectoryUser are enough?
    2. Did you enable the API in the Console? More information is available at: https://developers.google.com/api-client-library/dotnet/get_started#auth, Look for your project in https://console.cloud.google.com/project and make sure that you enabled the Directory Admin API.

    Please update this thread if one of these options worked or something else is still missing for you.

    0 讨论(0)
  • 没有蜡笔的小新
    2021-01-12 08:46

    The doc at url https://developers.google.com/gmail/api/quickstart/dotnet has scope set as static string[] Scopes = { GmailService.Scope.GmailReadonly }; set it as GmailService.Scope.MailGoogleCom and then continue with the flow as specified in the document.It was a bummer i was editing the scope in my token respnse file

    0 讨论(0)
 看不清?
提交回复
热议问题