问题
I am trying to connect to all calendars on our G Suite domain through a service account.
I created a new project and enabled the Google Calendar API in the API and services page.
I created a Google service account with:
- A name
- Roles that seem applicable
- Generated json key file
- Enabled G Suite for whole domain
In the Service Account management page I took my ID (AAA@BBB.iam.gserviceaccount.com)
I entered the G Suite security module and went to ManageOauthClients page where I input the ID and selected google calendar API (https://www.googleapis.com/auth/calendar)
It identified my ID correctly and added:
1234567890 Calendar (Read-Write) https://www.googleapis.com/auth/calendar
Where 1234567890 is the ID that Google took from my AAA@BBB.iam.gserviceaccount.com input.
Now I added the nuget package for Google and the Calendar API and wrote the following code in a command line application in C#:
var scopes = new[] { CalendarService.Scope.Calendar };
ServiceAccountCredential credential;
using (Stream stream = new FileStream("ToprServiceAccount-xxxxyyyyy.json", FileMode.Open, FileAccess.Read, FileShare.Read))
{
credential = GoogleCredential.FromStream(stream).CreateScoped(scopes).UnderlyingCredential as ServiceAccountCredential;
}
var service = new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential
});
var list = service.CalendarList.Get("planning@mydomain.com").Execute();
I made sure that the calendar I asked for exists. It is the one from the account I used to actually perform all above steps.
But I still am getting the 404 error, meaning most likely that I don't have permission to access (my own) calendar.
Could it be role related? I am unsure what role(s) to pick when creating the service account.
Also when just trying to get the list of all calendars, it is an empty list.
回答1:
I found out what went wrong (source here: https://neal.codes/blog/google-calendar-api-on-g-suite/)
In G-Suite -> Apps -> Calendar -> General settings I had to enable the option to share all calendars and outsiders can change calendars
After go into any calendar and share the calendar with the service account email. That would be AAA@BBB.iam.gserviceaccount.com according to my sample in the question.
These two steps are as far as I can find not mentioned in the documentation. Just glad I got it working now!
回答2:
I would say check that you have used the correct Client ID for your ManageOauthClients section in G Suite. The ID in the service account email should be different to the Client ID that you need to use.
You can confirm that you have the correct Client ID in two ways:
- Go to your generated JSON keyfile. You can get the Client ID by looking at the
client_idkey value pair - In the Cloud Console, go to IAM & admin -> Service Accounts. The last column should be
Options. If you have provisioned Domain Wide Delegation (DwD) for the account, you should be to clickView Client IDwhich should take you to another screen where you can view your Client ID.
来源:https://stackoverflow.com/questions/49465963/google-service-account-not-being-authorized-for-calendar-api