authenticating a service account to call a Google API with JavaScript client library

Question

I want to make JSON-RPC calls from localhost (WAMP environment) to the Google FusionTables API (and a couple of other APIs) using the Google Client Library for JavaScript

Steps I have taken:

1. setup a project on the Google Developer Console
2. enabled the FusionTables API
3. created a service account and downloaded the JSON file.
4. successfully loaded the JS client library with the auth package: gapi.load('client:auth2', initAuth);
5. constructed the init method parameter the following 3 ways:
   • the downloaded JSON verbatim
   • the downloaded JSON modified to include the scope
   • just the client ID and scope
6. tried (and failed) to initialize the GoogleAuth instance: gapi.auth2.init(params)

    function failed(reason) {
        console.log(reason);
    }
    gapi.load('client:auth2', initAuth);

    function initAuth() {

        var APIkey = 'MY API KEY';
        gapi.client.setApiKey(APIkey); //I understand this to be unnecessary with authorized requests, included just for good measure

        var GDTSAKey = 'MY SERVICE ACCOUNT KEY';
        var scopes = 'https://www.googleapis.com/auth/fusiontables';
        gapi.auth2.init({
            client_id: "101397488004556049686",
            scope: 'https://www.googleapis.com/auth/fusiontables'
        }).then(signin, failed("couldn't initiate"));
        //passing the downlaoded JSON object verbatim as parameter to init didn't work either
    } //initAuth()

    function signin() {
        gapi.auth2.getAuthInstance().signIn().then(makeAPIcall), failed("couldn't sign-in");
    }

    function makeAPIcall(){
        gapi.client.load('fusiontables', 'v2', function(){
            var tableId = '1PSI_...';
            var table = gapi.client.fusiontables.table.get(tableId);
            document.querySelector("#result").innerHTML = table;            
        });
    }

based on JS client library >> Samples

the gapi.auth2.init method invokes the second callback (which I understand to be an error handler): failed("couldn't initiate"), but then, curiously, I also get `couldn't sign in' which could only have originated from within the provided success handler. What's going on? How do I get this to work?

Note: I am only willing to try the CORS/xhr, if there is no way to do it with JS client lib.

Answer 1

What's going on?

You are trying to use a service account with the Google JavaScript client library which does not support service accounts.

How do I get this to work?

Switch to Oauth2 authentication or if you must use a service account switch to a server sided language like PHP or python for example. Which support service account authentication.