0

how can I exactly get google calendar resource list through service account?

Google docs (https://developers.google.com/admin-sdk/directory/reference/rest/v1/resources.calendars/list) states I need to send such request:

https://admin.googleapis.com/admin/directory/v1/customer/[CUSTOMER]/resources/calendars?key=[YOUR_API_KEY] HTTP/1.1 with header Authorization: Bearer [YOUR_ACCESS_TOKEN]

When I use Google API Explorer, then it asks me to login by my admin account and then returns list of resources. However when I try to do it manually, then I'm still getting Not Authorized to access this resource/api error.

I created service account, downloaded json file and then I'm trying this:

scope = 'https://apps-apis.google.com/a/feeds/calendar/resource/'
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(json_key_io: File.open('path-to-service-account.json'), scope: scope)
authorizer.fetch_access_token!

Afterwards response looks like this:

{"access_token"=>"ya29.c.Kp8BFggA7me9IxxxxxxxxxxxxBGVdd0ezOTZqRMze7YH...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................", "expires_in"=>3599, "token_type"=>"Bearer"}

Not sure if I should use access_token with all those dots. However then I'm trying to do this GET request:

https://admin.googleapis.com/admin/directory/v1/customer/[CUSTOMER]/resources/calendars?key=[YOUR_API_KEY] HTTP/1.1

I set CUSTOMER as a short string like Cxxxxxx2x (found in console), but then I have a problem with key and Authorization. Should key be value found in Google Console > Service Accounts > Service Account Key ID (around 40 letters in hex format)? And then should I set Authorization: Bearer as access_token with or without dots? I found somewhere, that there should be access_token in path but as a jwt (access_token.as_jwt) but it is not working either.

Any ideas what I'm doing wrong when API Explorer works? :)

Tomasz Cieńciała
  • 21
  • 3
  • Forgot to mention - I shared my admin calendar to service account calendar. – Tomasz Cieńciała Oct 22 '21 at 23:39
  • Check out https://stackoverflow.com/questions/61744176/creating-google-calendar-events-with-a-gcp-service-account/61778053#61778053 and https://stackoverflow.com/questions/61915432/google-oauth-using-domain-wide-delegation-and-service-account/61932919#61932919 see if that helps. – Rafa Guillermo Oct 25 '21 at 07:20

0 Answers0