Just received a note from Nick - check his reply in my thread.
Bottom line from him is that the analytics service does not yet support OAuth "Server to Server" interactions. He pointed towards a blog post which lists the services which support this type of interaction
On Saturday, March 31, 2012 10:05:50 AM UTC-7, Ian Ibbotson wrote:
Yep.. same boat here and stuck again.. only getting 403 responses :(
On Mar 31, 10:11 am, doucol <doug.coll...@gmail.com> wrote:
> Soooo funny. I just spent the last two days on the same exact problem.
> Yeah, very frustrating.
> However, now all I get back is a 403 forbidden from the actual analytics
> service request. :(
> On Saturday, March 31, 2012 1:45:44 AM UTC-7, Ian Ibbotson wrote:
> > Typically...
> > After fighting with this for 14 odd hours, and finally posting here...
> > I go and fix it in 3 mins!
> > I thought it was just worth trying the email address from the API
> > console instead of the client-Id.. Hey presto, 200OK.
> > Hopefully this will help someone else. Google friends, can I make a
> > suggestion that
> >https://developers.google.com/accounts/docs/OAuth2ServiceAccount > > could use a small edit in under the "Forming the JWT Claim Set"
> > heading, "Required Claims" section. Specifically, the table listing
> > the parameters reads "iss - the client_id of the application making
> > the access token request". I think it should really read "the Email
> > address as taken from the API Console service account setting".. I'm
> > pretty sure it says to send client_id in a few other places, but that
> > page seems to be the authoritative one, and is linked from the API
> > console. Making it a bit clearer would have saved me a bit of pain.
> > Thanks all!
> > Ian.
> > On Mar 31, 9:30 am, Ian Ibbotson <iani...@gmail.com> wrote:
> > > Hi All.
> > > Apologies if I'm asking a dumb question, did search around and I
> > struggled
> > > to find anything that matched. Please feel free to tell me to go search
> > > harder if I'm just being dumb....
> > > I have a server app that needs to collect it's own analytics data from
> > the
> > > API, and had planned to use the service-accounts scenario to collect the
> > > data... At first I tried to use the google libraries, but they seem to
> > come
> > > with a world of dependency hell that I'd like to avoid if at all
> > possible.
> > > Aside from that, I thought it would be good to try and understand the
> > > process from the ground up.
> > > I've had some limited success getting the JWT request together and
> > signing
> > > it.. I *think* everything is as it should be, but when I make my first
> > call
> > > the server always returns 400 : error:invalid_grant
> > > I've tried generating a new key, but nothing seems to help, and I'm a
> > bit
> > > stuck to know whats going wrong and why.
> > > I've attached a .groovy test that demonstrates the problem if anyone is
> > > sufficiently motivated to take a look. To run it, you'll need to
> > generate a
> > > new service account from the api console, download the key and then
> > update
> > > the test file with your client_id and path to the downloaded .p12 file.
> > > The test script should grab all the dependencies it needs. Hopefully
> > > someone out there will take a look and spot that I've just done
> > something
> > > really dumb.
> > > Thanks for any assistance!
> > > Ian.
> > > test.groovy
> > > 4KViewDownload