
I'm trying to use REST to list the members of a Google Workspace group via the REST API. Steps:

  1. Created a service account
  2. Delegated the scope https://www.googleapis.com/auth/admin.directory.group.readonly
  3. Used the private key to generate an OAuth2 token
  4. curl -v -H "Accept: application/json" -H "Authorization: Bearer $TOKEN" https://admin.googleapis.com/admin/directory/v1/groups\?userKey\=user@my-domain.com\&maxResults\=20

But I always get the same response:

{
  "error": {
    "code": 404,
    "message": "Domain not found.",
    "errors": [
      {
        "message": "Domain not found.",
        "domain": "global",
        "reason": "notFound"
      }
    ]
  }
}

What am I missing?

mlbiam

1 Answer

Thanks to "Not able to call directory APIs", I figured it out. I needed to add the claim "sub", with the value of the email address of the user my service account token was bound to, to the token exchange JWT, and it works!

mlbiam
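The fix described in the answer, as an added example that is not code from the original post: a shell sketch that builds the token-exchange JWT with the "sub" claim and signs it with the service account's private key. The service account address and key file name are placeholders; the token endpoint and grant type are the ones Google documents for the JWT-bearer flow.

```shell
#!/usr/bin/env bash
# Build the signed JWT assertion for the OAuth2 JWT-bearer token exchange,
# including the "sub" claim that binds the token to a Workspace user.
# Requires base64 (coreutils) and openssl.

# base64url-encode stdin without padding or line wraps
b64url() {
  base64 | tr -d '=\n' | tr '+/' '-_'
}

# jwt_claims SA_EMAIL SUBJECT SCOPE NOW -> claim-set JSON
#   iss = service account, sub = user the token acts as
jwt_claims() {
  local sa_email="$1" subject="$2" scope="$3" now="$4"
  printf '{"iss":"%s","sub":"%s","scope":"%s","aud":"%s","iat":%d,"exp":%d}' \
    "$sa_email" "$subject" "$scope" \
    "https://oauth2.googleapis.com/token" "$now" "$((now + 3600))"
}

# make_assertion KEY_FILE SA_EMAIL SUBJECT SCOPE [NOW] -> header.payload.signature
make_assertion() {
  local key="$1" now="${5:-$(date +%s)}" header payload sig
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  payload=$(jwt_claims "$2" "$3" "$4" "$now" | b64url)
  # RS256 = RSASSA-PKCS1-v1_5 over SHA-256 of "header.payload"
  sig=$(printf '%s.%s' "$header" "$payload" \
        | openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s' "$header" "$payload" "$sig"
}

# Usage (placeholders: sa-key.pem, sa@my-project.iam.gserviceaccount.com):
#   ASSERTION=$(make_assertion sa-key.pem \
#     sa@my-project.iam.gserviceaccount.com user@my-domain.com \
#     https://www.googleapis.com/auth/admin.directory.group.readonly)
#   curl -s https://oauth2.googleapis.com/token \
#     --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
#     --data-urlencode "assertion=$ASSERTION"
```

The access token returned for this assertion acts as the user named in "sub", so the delegated scope list is what limits its reach; keeping it to the read-only scope from the question keeps that reach narrow.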