google-api-dotnet-client: Impersonation using Service account not working in dot net
I have looked into the Service account sample to access public post in google plus account. Similarly I am trying to use the service account which is having domain wide delegation to impersonate a user and scan through the email id in a G-Suite account. When I try to call the Gmail API I am getting unauthorized_client exception. Could you please help me to understand what I am missing here? Details of the google console setting and the code snippet is defined below. • Enabled Domain-Wide Delegation for the service account
• Enable the client to access the API in security settings
• Following is the code and the error message which I got in a console application. `public static void AccessGmailInboxWithServiceAccount() {
String serviceAccountEmail = lstrServiceAccountId;//"SERVICE_ACCOUNT_EMAIL_HERE";
var certificate = new X509Certificate2(p12KeyFilePath, "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
User = impersonateUserEmail,
Scopes = new[] { GmailService.Scope.MailGoogleCom }
}.FromCertificate(certificate));
// Create the service.
var gmailService = new GmailService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Gmail API Service Account Sample Impersonating User",
});
var listRequest = gmailService.Users.Messages.List(impersonateUserEmail);
listRequest.Q = "in:INBOX";
var messages = listRequest.Execute().Messages;
Console.WriteLine("Press any key to continue...");
Console.ReadKey();
}`
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 20 (4 by maintainers)
@AbilashSekharan I don’t know much about delegation, but have noticed a couple of things that might help: