问题
I want to get and set auto forwarding details for a user in the company domain. My admin made me a delegated admin so that I can fetch user data using AdminDirectory.Users.
However, when I try to fetch auto-forwarding/Label/Filter data for a user using their userID, the following error is thrown :
Delegation denied for some.user@domain.com
This is the line that evoked the error :
var labels = Gmail.Users.Labels.list(user.id);
It seems that this can be carried out by delegating domain-wide authority to a Service Account. However, when I tried the steps highlighted in this link : Link , the page asked me to select a project.
This script doesn't feature in those projects, I am not sure if it is because it is bound to Google Forms.
Any suggestions on how to give the same domain-wide authority privileges to this script?
Please help!!
回答1:
To create a service account for the Google script:
- Start in the Google Script IDE itself and from the menu choose Resources > Developer Console Project...
- Click on the link labeled "This script is currently associated with project:" located near the top of the dialog.
- From there click Credentials in the left navigation and then Create credentials > Service account key follow the flow to create a service account - for Role, choose Project > Service account actor.
- You can then use the private key and client id from the downloaded .json file in your Google Script.
Note: You'll need to:
- Get the G Suite domain admin to set up your client_id with the scopes you want. https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
- Use the Gmail API via UrlFetch because you can't make the Gmail advanced service use a different OAuth token. You can use the OAuth2 library for that and follow this example: https://github.com/googlesamples/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs
回答2:
First, make sure that you enable the domain-wide delegation for your service account which is stated in the link that you provide. Because the service account that you created needs to be granted access to the Google Apps domain’s user data that you want to access.
Also in your Apps Script code, go to the Resource -> Advance Google Service, make sure you enable all the Google Service that you use for your application that you create here.
For more information, check these threads:
Perform Google Apps Domain-Wide Delegation of Authority
Delegation Denied for ""
Trouble Implementing OAuth in Google Apps Script (Using Domain-Wide Delegation)
来源:https://stackoverflow.com/questions/39626475/delegate-domain-wide-authority-for-a-script-bound-to-google-forms