Google Authentication with Service Account fails (node.js)

Question

I'm trying out a (node.js) sample app to authenticate against Google API and then make a Google Drive request. The sample I am trying to run is from the github readme of the googleapis node.js library using jwt:

var jwtClient = new googleapis.auth.JWT(
  '[email protected]',
  './key.pem',
  null,
  ['https://www.googleapis.com/auth/drive'],
  '[email protected]');

jwtClient.authorize(function(err, tokens) {
  if (err) {
    console.log(err);
    return;
  }

  // Make an authorized request to list Drive files.
  drive.files.list({ auth: jwtClient }, function(err, resp) {
    // handle err and response
  });
});

Authentication fails with:

{ error: 'unauthorized_client',
  error_description: 'Unauthorized client or scope in request.' }

I'm not 100% sure about the '[email protected]'. Using my Client ID, I receive the error 'Invalid impersonation prn email address.'.

I have created service account client ID, service email and certificate fingerprints according to documentation. Do I have to specify additional things? Is my scope incorrect? If it is, what should it be?

Google Drive API is enabled in the Google Developer Console. I also activated the trial account.

Answer 1

Ugh, after trying many things, the result is rather simple: doing the above sample without 'impersonate'-email it just worked. Code:

var jwtClient = new googleapis.auth.JWT(
  '[email protected]',
  './key.pem',
  null,
  ['https://www.googleapis.com/auth/drive']);

The example from the readme is available as a complete file inside examples (here).