Creating Google Calendar events with a GCP Service Account

这一生的挚爱 提交于 2020-11-25 03:44:28

问题


I would like to rig things so that my GCP service account can invite users to calendar events. So for example my-service-account@myproject.iam.gserviceaccount.com would invite user@myCorporation.com to an event. It seems to me that this should be possible simply by giving my-service-account@myproject.iam.gserviceaccount.com permission to use the Calendar API, without having user@myCorporation.com grant any additional permissions.

I tried to implement this example, but replaced the compute scope and the compute API calls with the calendar scope and calendar API calls. My code is returning the error

Insufficient Permission: Request had insufficient authentication scopes.

I've poked around on the internet a bunch, and I cannot tell if the problem is that I did something wrong or if the problem is that Google does not support what I'm trying to do.

I would greatly appreciate any insight.

Here is my code:

const {google} = require('googleapis');
const compute = google.compute('v1');

const {GoogleAuth} = require('google-auth-library');

async function main() {
  const auth = new GoogleAuth({
    scopes: ['https://www.googleapis.com/auth/calendar',
      'https://www.googleapis.com/auth/compute']
  });

  //keeping the compute stuff in as a sanity check
  //to ensure that the problem is with calendar, not something more general
  const authClient = await auth.getClient();
  const project = await auth.getProjectId();
  const res = await compute.zones.list({project, auth: authClient});
  console.log(res.data);

  createEvent(auth);
}

/**
 * Lists the next 10 events on the user's primary calendar.
 * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
 */
function createEvent(auth) {
  const calendar = google.calendar({version: 'v3', auth});
  calendar.events.insert({
        calendarId: 'primary',
        event: {
          "description": "my test event",
          "start": {
            "date": "2020-05-20",
          },
          attendees: [{email: "myGuest@mailinator.com"}]
        }
      }
  );
}

main().catch(console.error);

回答1:


Answer:

You need to enable the APIs and provide scopes in three places: in your auth code, in the GCP console, and the Google Admin console.

More Information:

As I explained in the comments, the code you have provided should run without issue. The Insufficient Permission: Request had insufficient authentication scopes. error is a result of the service account not being given access to the required scopes somewhere on Google's side.

Make sure you have completed the following steps:

  1. Provided the scopes in the application as an auth object (which you have already done):
const auth = new GoogleAuth({
    scopes: ['https://www.googleapis.com/auth/calendar',
      'https://www.googleapis.com/auth/compute']
  });
  1. Enabled the Calendar API in the GCP console for your Service Account GCP Project.
  2. Provided the required scopes for your service account in the OAuth consent screen settings in GCP.
  3. Added the required scopes to the service account in the Google Admin console. This is done by following the Security > Advanced Settings > Manage API client access UI elements, and assigning all scopes the service account needs to the service account client ID.

Note: This final step must be done by a domain admin and can not be done by anyone who is not.

In this case, you will need to contact your domain admin to give your project API access.

I hope this is helpful to you!

References:

  • Google API Console
  • Google Admin Console

Related Answers:

  • Google Calendar API. Adding an event to someone calendar throws error “Error 401: invalid_client” just when authenticating


来源:https://stackoverflow.com/questions/61744176/creating-google-calendar-events-with-a-gcp-service-account

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!