I know that this question has been asked before
Google Admin sdk directory 403
Getting a 403 - Forbidden for Google Service Account
but I've tried all of the solutions suggested and this still won't work for me.
So. My code looks like this:
public static Directory getDirectoryService(String userEmail)
throws GeneralSecurityException, IOException, TokenResponseException {
HttpTransport httpTransport = new NetHttpTransport();
JacksonFactory jsonFactory = new JacksonFactory();
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_GROUP,
DirectoryScopes.ADMIN_DIRECTORY_USER,
DirectoryScopes.ADMIN_DIRECTORY_DOMAIN))
.setServiceAccountUser(userEmail)
.setServiceAccountPrivateKeyFromP12File(
new java.io.File(SERVICE_ACCOUNT_PKCS12_FILE_PATH))
.build();
Directory service = new Directory.Builder(httpTransport, jsonFactory, null)
.setHttpRequestInitializer(credential).build();
return service;
}
When I call this routine, passing a Super Admin email address to it, it appears to run successfully. But If I debug before I return from this call I can see that the AccessToken is null. I know the credentials are sound, because the same application is already using the Drive API successfully with this service account and P12 file.
Then, my actual calls to the API look like this:
Directory directory = getDirectoryService("my super user email");
// Print the first 10 users in the domain.
Directory.Users.List list = directory.users().list();
list.setDomain("integrity.co.uk");
list.setMaxResults(10);
list.setOrderBy("email");
Users result = list.execute();
List<User> users = result.getUsers();
But when I get to the list.execute() line the application crashes out:
Exception in thread "main" java.lang.NullPointerException
at com.google.api.client.repackaged.com.google.common.base.Preconditions.checkNotNull(Preconditions.java:191)
at com.google.api.client.util.Preconditions.checkNotNull(Preconditions.java:127)
at com.google.api.client.json.jackson2.JacksonFactory.createJsonParser(JacksonFactory.java:96)
at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:85)
at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:81)
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:88)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:268)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:859)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
at googleImageUploader.googleImageUploader.main(googleImageUploader.java:162)
Other threads suggest:
Making sure organisation-wide admin access is delegated to this service account in the Admin Console - it definitely is with the scopes:
https://www.googleapis.com/auth/admin.directory https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/drive
Making sure a service account user is specified (which it is, and this user is definitely a Super Admin).
I'm tearing my hair out - can anyone help?!
Thanks.
