I get this error when trying to run my code:
oauth2client.client.AccessTokenRefreshError: unauthorized_client: Unauthorized client or scope in request.
Here is my code:
import json
import requests
import httplib2
from oauth2client.client import SignedJwtAssertionCredentials
from apiclient.discovery import build

if __name__ == '__main__':
    json_key_file = 'my-key.json'
    with open(json_key_file) as json_file:
        json_data = json.load(json_file)

    # Positional arguments are (service_account_name, private_key); sub is the
    # user the service account impersonates through domain-wide delegation.
    credential = SignedJwtAssertionCredentials(
        json_data['client_email'],
        json_data['private_key'],
        scope=['https://www.googleapis.com/auth/admin.directory.user',
               'https://www.googleapis.com/auth/admin.directory.user.readonly'],
        sub='[email protected]')
    http = httplib2.Http()
    http = credential.authorize(http)
    service = build('admin', 'directory_v1', http=http)
    data = service.users().list(domain='domain.com').execute()
    print(data)
I have the scope set correctly in my console, and I have my Admin SDK enabled in my console. My email is a super admin with access to all Admin API Privileges.
Why would I be getting this error?
Figured it out:
You need to use the client ID from your "Developers Console" as the Client Name in "Manage API client access" when you're setting your API scopes.
https://developers.google.com/+/domains/authentication/delegation
You need to also go to G Suite Admin for the domain, then click Security, Show More, Advanced Settings, Manage Api Client Access (or just browse to this at the time of writing).
Then add an entry whose Client Name is your client name and whose Scope is your scope. For instance, mine looks like this; you do not need all the scopes, only the one appropriate for your purpose:
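Added example, not part of the original question or answers: a small Python check that derives the Client Name and scope field to enter under "Manage API client access" from the key file, and compares the scopes the code requests with what the console entry authorizes. The key fields, the sample values and the `authorized` mapping (copied by hand from the console) are constructed assumptions.

```python
import json

# Constructed sample: the non-secret fields of a service-account JSON key file.
SAMPLE_KEY = json.loads("""{
  "type": "service_account",
  "client_email": "example-sa@example-project.iam.gserviceaccount.com",
  "client_id": "100000000000000000001"
}""")

SCOPES = [
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
]


def console_entry(key, scopes):
    """Return (client_name, scope_field) to type into Manage API client access."""
    # The Client Name is the numeric client ID; scopes go in comma-separated.
    unique = list(dict.fromkeys(s.strip() for s in scopes))
    return key["client_id"], ",".join(unique)


def find_problems(key, requested, authorized):
    """List mismatches that end in an unauthorized_client token error.

    `authorized` maps each Client Name entered in the admin console to its
    comma-separated scope field (hypothetical hand-copied input).
    """
    client_id = key.get("client_id")
    if not client_id:
        return ["key file has no client_id field"]
    entry = authorized.get(client_id)
    if entry is None:
        under_email = key.get("client_email") in authorized
        hint = " (an entry exists under the service account e-mail)" if under_email else ""
        return ["no entry with Client Name %s%s" % (client_id, hint)]
    granted = {s.strip() for s in entry.split(",")}
    return ["scope not authorized: " + s for s in requested if s not in granted]


if __name__ == "__main__":
    print(console_entry(SAMPLE_KEY, SCOPES))
    print(find_problems(SAMPLE_KEY, SCOPES, {SAMPLE_KEY["client_email"]: SCOPES[0]}))
```

An empty list from `find_problems` means every requested scope is covered by an entry keyed on the client ID.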