service group : Insufficient Permission problem.

[mo...@linnovate.net]

Hi 

I tried  to use Group service api to get group list

 - Using OAuth 2.0 for Server to Server Applications

   I granted the service with the scopes needed

  and run the following code

var google = require('googleapis');

var sha256 = require('sha256');

var base64url = require('base64url');

var OAuth2 = google.auth.OAuth2;

var oauth2Client = new OAuth2("505761133715-18u8ql4t58rsoovasjkl071qkvihcjec.apps.googleusercontent.com", "FT1EzORA89Ls8lT3eIkp9yXb", "bi.linnovate.net");

// generate a url that asks permissions for Google+ and Google Calendar scopes

var scopes = [

  'https://www.googleapis.com/admin/directory/v1/groups'

];

//console.log("oauth2Client",oauth2Client);

var url = oauth2Client.generateAuthUrl({

  access_type: 'offline', // 'online' (default) or 'offline' (gets refresh_token)

  scope: scopes // If you only need one scope you can pass it as string

});

//console.log("url",url);

var header = '{"alg":"RS256","typ":"JWT"}';

var payload = '{"iss":"bb33we...@bb-1313.iam.gserviceaccount.com","scope":"https://www.googleapis.com/auth/devstorage.readonly","aud":"https://www.googleapis.com/oauth2/v4/token","exp":1463499999217,"iat":1463495999217}';

//var secret = "FT1EzORA89Ls8lT3eIkp9yXb";

var key = {

  "type": "service_account",

  "project_id": "bbweb-131333",

  "private_key_id": "yyy",

  "private_key":"xxx"

  "client_email": "bbwe...@biweb-1313.iam.gserviceaccount.com",

  "client_id": "102659247649615808035",

  "auth_uri": "https://accounts.google.com/o/oauth2/auth",

  "token_uri": "https://accounts.google.com/o/oauth2/token",

  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",

  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/biweb-api%40bbweb-1313.iam.gserviceaccount.com"

}

//var encodedString = base64UrlEncode(header) + "." + base64UrlEncode(payload);

var encodedString = base64url.encode(header)+"."+base64url.encode(payload)

var secretPart = sha256(encodedString, 'secret');

var jwt = encodedString+"."+secretPart;

console.log(jwt);

oauth2Client.getToken(jwt, function(err, tokens) {

  // Now tokens contains an access_token and an optional refresh_token. Save them.

  if(!err) {

    oauth2Client.setCredentials(tokens);

  }

  console.log(err);

  console.log("tokens",tokens);

});

but I got 

{ [Error: invalid_request] code: 400 }

tokens null

- Using Auth Groups Settings API Using Auth

       with the following code

      

var fs = require('fs');
var readline = require('readline');
var google = require('googleapis');
var googleAuth = require('google-auth-library');

// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/admin-directory_v1-nodejs-quickstart.json
var SCOPES = ['https://www.googleapis.com/auth/admin.directory.user'];
var TOKEN_DIR = (process.env.HOME || process.env.HOMEPATH ||
    process.env.USERPROFILE) + '/.credentials/';
var TOKEN_PATH = TOKEN_DIR + 'admin-directory_v1-nodejs-quickstart.json';

// Load client secrets from a local file.
fs.readFile('client_secret.json', function processClientSecrets(err, content) {
  if (err) {
    console.log('Error loading client secret file: ' + err);
    return;
  }
  // Authorize a client with the loaded credentials, then call the
  // Directory API.
  authorize(JSON.parse(content), listGroups);
});

/**
 * Create an OAuth2 client with the given credentials, and then execute the
 * given callback function.
 *
 * @param {Object} credentials The authorization client credentials.
 * @param {function} callback The callback to call with the authorized client.
 */
function authorize(credentials, callback) {
  var clientSecret = credentials.web.client_secret;
  var clientId = credentials.web.client_id;
  var redirectUrl = credentials.web.redirect_uris[0];
  var auth = new googleAuth();
  var oauth2Client = new auth.OAuth2(clientId, clientSecret, redirectUrl);

  // Check if we have previously stored a token.
  fs.readFile(TOKEN_PATH, function(err, token) {
    if (err) {
      getNewToken(oauth2Client, callback);
    } else {
      oauth2Client.credentials = JSON.parse(token);
      callback(oauth2Client);
    }
  });
}

/**
 * Get and store new token after prompting for user authorization, and then
 * execute the given callback with the authorized OAuth2 client.
 *
 * @param {google.auth.OAuth2} oauth2Client The OAuth2 client to get token for.
 * @param {getEventsCallback} callback The callback to call with the authorized
 *     client.
 */
function getNewToken(oauth2Client, callback) {
  var authUrl = oauth2Client.generateAuthUrl({
    access_type: 'offline',
    scope: SCOPES
  });
  console.log('Authorize this app by visiting this url: ', authUrl);
  var rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout
  });
  rl.question('Enter the code from that page here: ', function(code) {
    rl.close();
    oauth2Client.getToken(code, function(err, token) {
      if (err) {
        console.log('Error while trying to retrieve access token', err);
        return;
      }
      oauth2Client.credentials = token;
      storeToken(token);
      callback(oauth2Client);
    });
  });
}

/**
 * Store token to disk be used in later program executions.
 *
 * @param {Object} token The token to store to disk.
 */
function storeToken(token) {
  try {
    fs.mkdirSync(TOKEN_DIR);
  } catch (err) {
    if (err.code != 'EEXIST') {
      throw err;
    }
  }
  fs.writeFile(TOKEN_PATH, JSON.stringify(token));
  console.log('Token stored to ' + TOKEN_PATH);
}


function listGroups(auth) {
  var service = google.admin('directory_v1');
  service.groups.list({
    auth:auth,
    domain:'linnovate.net'
  }, function(err, response) {
    if (err) {
      console.log('The API returned an error: ' + err);
      return;
    }
  });

}

/**
 * Lists the first 10 users in the domain.
 *
 * @param {google.auth.OAuth2} auth An authorized OAuth2 client.
 */
function listUsers(auth) {
  var service = google.admin('directory_v1');

1.   service.users.list({
   

    auth: auth,
    customer: 'my_customer',
    maxResults: 10,
    orderBy: 'email'
  }, function(err, response) {
    if (err) {
      console.log('The API returned an error: ' + err);
      return;
    }
    var users = response.users;
    if (users.length == 0) {
      console.log('No users in the domain.');
    } else {
      console.log('Users:');
      for (var i = 0; i < users.length; i++) {
        var user = users[i];
        console.log('%s (%s)', user.primaryEmail, user.name.fullName);
      }
    }
  });

}

I get :

===========>

Error : insufficient permission

[Lakshmi(DCM API Team)]

Hi,

To clarify, are you trying to set up OAuth for DCM/DFA API? This forum is for DCM API related issues. If you are having OAuth issues for different API services, please post on the respective forums. 

Thanks,

Lakshmi, DCM API Team