How do I access the Google Calendar APIs using a service account on behalf of another user? (Using Scala/Java)

Question

I am currently creating an app to help people schedule onto my Google Calendar. To do this I would like to use a Google Service account to access my personal calendar. I have added the service account and given it the Google Calendar permissions. I then add the following code...

  @RequestMapping(path = Array("/"), method = Array(GET))
  def root(): String = {
    val credentials: GoogleCredentials = GoogleCredentials
      .fromStream(new FileInputStream("C:\\...\\me.json"))
      .createScoped(Collections.singleton(CalendarScopes.CALENDAR_READONLY))
    credentials.refreshIfExpired()
    val HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport
    val calendar = new Calendar.Builder(HTTP_TRANSPORT, JSON_FACTORY, new HttpCredentialsAdapter(credentials))
      .setApplicationName(appName)
      .build()
    calendar.calendars().get("primary").execute().getSummary
  }

This works but only returns the service account email, I would like a user's info. So I pass my email like this...

    val credentials: GoogleCredentials = GoogleCredentials
      .fromStream(new FileInputStream("C:\\...\\me.json"))
      .createDelegated("me@gmail.com")
      .createScoped(Collections.singleton(CalendarScopes.CALENDAR_READONLY))

But when I run this I get a 401 (presumably because I haven't given Google permissions to share with this SA). How would I tell Google to allow this service account to delegate my user info?

Bonus

Would there be a way to allow other users to grant permissions?
I am authenticating with Google through Auth0 so would I need to use the management console or something like that?

You probably need to protect your app with Google sso so that users have to login to their Google account and accept to share some info first, and then you'll have access somehow to some infos through oauth I believe. In short: you need to look for authenticating users and accessing their info. — Gaël J, Apr 23 '23 at 07:48
Adding that the service account you created will only be used by your server code. It doesn't have to be linked in anyway to the users of your service. IMHO. — Gaël J, Apr 23 '23 at 07:49
It is already using Google SSO via Auth0 and I can get an indv Google IDP access token. But since this is mainly to manage 1 account I was hoping I could delegate access and avoid the extra calls. From what I have read this is available if you are using Google Workspace (?) product but not for social login. — Jackie, Apr 23 '23 at 13:28
Also I need it to let others add items to my calendar so even the social login access token wont help. I basically need the service account to be able to access my calendar via delegated permissions — Jackie, Apr 23 '23 at 13:30

score 2 · Accepted Answer · answered Apr 23 '23 at 13:52

This was solved similarly to this question

In the calendar settings allow the service access to your account...

Once added you can access the calendar using the email instead of primary...

  def getCalendarSummary = {
    val credentials: GoogleCredentials = GoogleCredentials
      .fromStream(new FileInputStream(keyLocation))
      .createScoped(Collections.singleton(CalendarScopes.CALENDAR_EVENTS))
    credentials.refreshIfExpired()
    val HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport
    new Calendar.Builder(
      HTTP_TRANSPORT,
      JSON_FACTORY,
      new HttpCredentialsAdapter(credentials)
    )
      .setApplicationName(appName)
      .build()
      .calendars()
      .get("person@gmail.com")
      .execute()
      .getSummary
  }

The service account can now add and remove events

How do I access the Google Calendar APIs using a service account on behalf of another user? (Using Scala/Java)

1 Answers1