Hello everyone!
I’m trying to connect to the Google Directory API (REST Resource: users) via Airflow. I want to get a list of users within the organizational Google Workspace as well as update some attributes.
I want to do this programmatically via the service account that has been set up within the API project with the appropriate scope: https://www.googleapis.com/auth/admin.directory.user. Domain-wide delegation has also been enabled, as well as the Admin SDK API. The service account also has full permissions to the API project.
However, when I try to run a basic standalone Python script using the Google API client and Google OAuth2 to test whether the service account is able to access the API and get a single user via their email, it throws this error:
Error fetching user: <HttpError 403 when requesting https://admin.googleapis.com/admin/directory/v1/users/%40?alt=json returned “Not Authorized to access this resource/api”. Details: “[{‘message’: ‘Not Authorized to access this resource/api’, ‘domain’: ‘global’, ‘reason’: ‘forbidden’}]”>
However, when I add the email of the super admin for the impersonation, the service account is able to access the user in the Directory API.
What is the reason? Am I missing something?
Thank you!
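
The two runs described above differ in one claim of the JWT assertion the service account sends to Google's token endpoint: with impersonation the claim set carries `sub` (the Workspace user to act as), without it the token represents the service account itself. This is an added example, not part of the original post; it uses only the standard library, the e-mail addresses and helper names are constructed placeholders, and the signature is a placeholder, so the assertion cannot be exchanged for a token.

```python
import base64
import json
import time

TOKEN_URI = "https://oauth2.googleapis.com/token"
SCOPE = "https://www.googleapis.com/auth/admin.directory.user"
# Constructed placeholder identities, not taken from the post.
SA_EMAIL = "airflow-sync@example-project.iam.gserviceaccount.com"
ADMIN_EMAIL = "admin@example.com"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_claims(sa_email, scopes, subject=None, now=None, lifetime=3600):
    """Claim set of the JWT-bearer assertion a service account sends."""
    now = int(time.time()) if now is None else now
    claims = {"iss": sa_email, "scope": " ".join(scopes),
              "aud": TOKEN_URI, "iat": now, "exp": now + lifetime}
    if subject:
        # Domain-wide delegation: the Workspace user to act as.
        claims["sub"] = subject
    return claims


def unsigned_assertion(claims):
    """header.payload.signature with a placeholder where RS256 would go."""
    header = {"alg": "RS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    return ".".join(parts) + "." + _b64url(b"placeholder-signature")


def acting_identity(assertion):
    """Decode the payload (no verification) and report who the token acts as."""
    payload = assertion.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return {"acts_as": claims.get("sub", claims["iss"]),
            "delegated": "sub" in claims,
            "scopes": claims["scope"].split()}


if __name__ == "__main__":
    for subject in (None, ADMIN_EMAIL):
        token = unsigned_assertion(build_claims(SA_EMAIL, [SCOPE], subject))
        print(acting_identity(token))
```

In the google-auth library, `service_account.Credentials.with_subject()` is the call that sets this `sub` claim.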