Access granted : false #354
Description
Hello,
I have an issue with the usage of this library aiming at using a service account with a wide delegation on corporate email. I'd like to generate a token usable to proceed to an api call made in the name of one of my user using AppScrit (impersonate).
I proceed to the previous steps below :
- Create a service account
- Authorize the client_id on Admin console for the dedicated api scope on wide delegation
- Create and download a JSON key attached to that service account
- Enable the dedicated API on the GCP project (Google Analytics API)
It is only working when the setIssuer(...............) and .setSubject(...............) are with the json.client_email.
Do you know how to handle such requests with App script ? How can I make a such a call ?
Sample of the test code :
function getUserToken() {
var json = {
"type": "service_account",
"project_id": "....................",
"private_key_id": "....................",
"private_key": "....................",
"client_email": "....................",
"client_id": "....................",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "....................",
"client_x509_cert_url": "...................."
}
var service = getOAuthService(json);
service.reset();
Logger.log(service.getAccessToken());
if (service.hasAccess()) {
Logger.log(service.getAccessToken());
}
}
function getOAuthService(json) {
return OAuth2.createService("Service Account")
.setTokenUrl('https://accounts.google.com/o/oauth2/token')
.setPrivateKey(json.private_key)
.setIssuer(json.client_email)
.setSubject("....................")
.setPropertyStore(PropertiesService.getScriptProperties())
.setParam('access_type', 'offline')
.setScope('https://www.googleapis.com/auth/analytics.readonly');
}
function reset(json) {
var service = getOAuthService(json);
service.reset();
}