Creating events using the Google Calendar API and Service Account

问题

So I have setup my service account with domain wide delegation as described in this post Perform G Suite Domain-Wide Delegation of Authorit. In G Suite Admin Console I have authorized the service account to use the OAuth 2.0 scope:

https://www.googleapis.com/auth/calendar. 

Every time I try to create an event I end up with this error

GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "calendar",
"message" : "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority.",
"reason" : "forbiddenForServiceAccounts"
} ],
"message" : "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority."
}

new GoogleCredential.Builder()
      .setTransport(HTTP_TRANSPORT)
      .setJsonFactory(JSON_FACTORY)
      .setServiceAccountId(json.get("client_id").getAsString)
      .setServiceAccountPrivateKeyId(json.get("private_key_id").getAsString)
      .setServiceAccountPrivateKey(getPrivateKeyFromPkcs8(jsonCreds.get("private_key").getAsString))
      .setServiceAccountScopes(SCOPES)
      .build()

This building the google credential. No impersonation is used, and the calendar is shared with the service account.

回答1:

Service accounts are their own user. They have their own Google calendar account.

If you want to give a service account access to another calendar there are two ways of doing that.

1. you could share the calendar with the Service account this will give it access to the calendar like any other user. When creating events they will be created by the service account.

2. If you have a gsuite account as you do then you can use domain wide delegation which will allow the service account to impersonate another user then when the service account creates events the event will be created by that user.

I hope this helps to clear things up for you a bit.

回答2:

Contacted G Suite support and any service accounts made after March 2, 2020 will no longer be able to invite guests to events without using impersonation.

来源：https://stackoverflow.com/questions/61473708/creating-events-using-the-google-calendar-api-and-service-account