Delegation Denied when accessing users mailbox
9,372 views
Skip to first unread message
Ameerkhan Mohamed
Feb 21, 2015, 7:54:27 AM2/21/15
to golan...@googlegroups.com
I have written a GO code to authorize and retrieve a token for admin using web account and i am able to list the user of my domain using Admin SDK.
But what i have to do now is access users mailbox in my domain.
Here is my code and error i got.
func userGmail(){
baseUrl := "https://www.googleapis.com/gmail/v1/users/us...@domain.com/threads"
authbear := "Bearer "
authbear += <Access_token>
cli := &http.Client{}
req, err := http.NewRequest("GET", baseUrl, nil)
if(err!=nil){
fmt.Println(err)
}
req.Header.Set("Authorization", authbear)
res, err := cli.Do(req)
if(err!=nil){
fmt.Println(err)
}
re, err := ioutil.ReadAll(res.Body)
if(err!=nil){
fmt.Println(err)
}
fmt.Println(string(re))
}
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Delegation denied for <us...@domain.com>"
}
],
"code": 403,
"message": "Delegation denied for <us...@domain.com>"
}
}
But what i have to do now is access users mailbox in my domain.
Here is my code and error i got.
func userGmail(){
baseUrl := "https://www.googleapis.com/gmail/v1/users/us...@domain.com/threads"
authbear := "Bearer "
authbear += <Access_token>
cli := &http.Client{}
req, err := http.NewRequest("GET", baseUrl, nil)
if(err!=nil){
fmt.Println(err)
}
req.Header.Set("Authorization", authbear)
res, err := cli.Do(req)
if(err!=nil){
fmt.Println(err)
}
re, err := ioutil.ReadAll(res.Body)
if(err!=nil){
fmt.Println(err)
}
fmt.Println(string(re))
}
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Delegation denied for <us...@domain.com>"
}
],
"code": 403,
"message": "Delegation denied for <us...@domain.com>"
}
}
Jim Cote
Feb 23, 2015, 1:27:04 PM2/23/15
to golan...@googlegroups.com
In order to do account impersonation, you will need to register your service account in the Google Apps Admin console at https://admin.google.com/ManageOauthClients. You can get there vi Security->(show more)Advanced Settings->Manage API Client Access. https://developers.google.com/accounts/docs/OAuth2ServiceAccount#delegatingauthority.
To obtain an access token that grants an application delegated access to a resource, include the email address of the user in the JWT claim set as the value of the sub field.
On Saturday, February 21, 2015 at 7:54:27 AM UTC-5, Ameerkhan Mohamed wrote:
I have written a GO code to authorize and retrieve a token for admin using web account and i am able to list the user of my domain using Admin SDK.
But what i have to do now is access users mailbox in my domain.
Here is my code and error i got.
func userGmail(){
santitos
Mar 25, 2015, 11:46:12 PM3/25/15
to golan...@googlegroups.com
Your account is not delegated to another person, just you had access!!
deepan...@gmail.com
Sep 12, 2015, 11:34:18 PM9/12/15
to golang-nuts
try using 'me' rather than 'us...@domain.com'
On Saturday, February 21, 2015 at 6:24:27 PM UTC+5:30, Ameerkhan Mohamed wrote:
I have written a GO code to authorize and retrieve a token for admin using web account and i am able to list the user of my domain using Admin SDK.
But what i have to do now is access users mailbox in my domain.
Here is my code and error i got.
func userGmail(){
Reply all
Reply to author
Forward
0 new messages