1

As per different threads here on stackoverflow, it seems that I can create a service account for any regular gmail account. But cannot assign permissions from the domain admin panel.

Can anyone confirm if ServiceAccount can be used to download Emails from any regular gmail account?

If I use the following code:

    ServiceAccountCredential credential = new ServiceAccountCredential(
        new ServiceAccountCredential.Initializer(serviceAccountEmail)
        {
            User = userEmail,
            Scopes = new string[] { Gmail.v1.GmailService.Scope.GmailReadonly }
        }.FromCertificate(certificate)
    );

then I get the following error:

{"Error:\"unauthorized_client\", Description:\"Unauthorized client or scope in request.\", Uri:\"\""}

And If I remove the User object from the ServiceAccountCredential constructor then the error is gone. But have the following error when I use any google service:

{"Google.Apis.Requests.RequestError\r\nBad Request [400]\r\nErrors [\r\n\tMessage[Bad Request] Location[ - ] Reason[failedPrecondition] Domain[global]\r\n]\r\n"}

I did set the 'Viewer' role for the service account from the developer console and enabled the google APIs. Is this anyway related to domain account or permissions for the domain account?

Full Code is as following:

String serviceAccountEmail = "gmailscraperserviceaccount2@gmailscraper-1221.iam.gserviceaccount.com";

            var certificate = new X509Certificate2("key2.p12", "notasecret",
                X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

            string userEmail = "abc@gmail.com";

            ServiceAccountCredential credential = new ServiceAccountCredential(
                new ServiceAccountCredential.Initializer(serviceAccountEmail)
                {
                    Scopes = new string[] { Gmail.v1.GmailService.Scope.GmailReadonly }
                }.FromCertificate(certificate)
            );

            if (credential.RequestAccessTokenAsync(CancellationToken.None).Result)
            {
                Google.Apis.Auth.OAuth2.Responses.TokenResponse toke = credential.Token;
                GmailService gs = new GmailService(
                    new Google.Apis.Services.BaseClientService.Initializer()
                    {
                        ApplicationName = "TestApp",
                        HttpClientInitializer = credential
                    }
                );

                UsersResource.MessagesResource.ListRequest allMessageRequest = gs.Users.Messages.List(userEmail);
                Google.Apis.Gmail.v1.Data.ListMessagesResponse response = allMessageRequest.Execute();
Rahatur
  • 3,147
  • 3
  • 33
  • 49
  • Password is not necessary as we are using oAuth and getting the token. I have added the full code block to give a clearer picture. – Rahatur Feb 16 '16 at 23:20
  • Possible duplicate of [Can we access GMAIL API using Service Account?](http://stackoverflow.com/questions/24779138/can-we-access-gmail-api-using-service-account) – Linda Lawton - DaImTo Feb 19 '16 at 12:20
  • How is this duplicate? This one is to confirm if Service account can be used for regular gamil account to download contacts, emails etc. or it has to be used with a domain account. The code sample is to point that there are errors with valid codes. other thread that you pointed is more technical like how to use the service account. – Rahatur Feb 20 '16 at 01:25

0 Answers0