Google admin directory insert user

Question

I am trying to insert a user account through this api using gem 'google-api-client 0.11.1'.

I have done the following:

1. Enabled API access
2. Enabled service account domain wide delegation
3. Authorized the scope urls for this service account's client id

The code works with the other domain, but for the other account it throws this error:

{
 "error": "unauthorized_client",
 "error_description": "Client is unauthorized to retrieve access tokens using this method."
}

Here's my code:

SCOPES = ['https://www.googleapis.com/auth/admin.directory.user'
, 'https://www.googleapis.com/auth/admin.directory.group.readonly']
    ENV['GOOGLE_APPLICATION_CREDENTIALS'] = 'expa-email-c2938bce41f9.json'
 service = Google::Apis::AdminDirectoryV1::DirectoryService.new
  authorization = Google::Auth.get_application_default(SCOPES)
  authorization.sub = user_email
  authorization.fetch_access_token!
  service.authorization = authorization
  service

How can I resolve this?

Answer 1

Based from this thread, a service account is a dummy user. For a service account to be able to access your account it needs to be preauthorized. You authorize the service account just like you would any other user. You may check this sample code.

Additional reference:

• Client is unauthorized to retrieve access tokens using this method Gmail API C#

  The service account needs to be authorized or it cant access the emails for the domain.

  "Client is unauthorized to retrieve access tokens using this method"

  Means that you have not authorized it properly check Delegating domain-wide authority to the service account