1

I am trying to fetch and update the Users of my domain using Google Admin API

  private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();
  private static final List<String> SCOPES = Arrays.asList(
      "https://www.googleapis.com/auth/admin.directory.user",
      "https://www.googleapis.com/auth/admin.directory.user.readonly");

  public static void main(String[] args) {
    try {
      HttpTransport httpTransport = new NetHttpTransport();


      GoogleCredential credential =
          new GoogleCredential.Builder()
              .setTransport(httpTransport)
              .setJsonFactory(JSON_FACTORY)
              .setServiceAccountId(
                  "[email protected]")
              .setServiceAccountUser("[email protected]")
              .setServiceAccountScopes(SCOPES)
              .setServiceAccountPrivateKeyFromP12File(
                  new File("C:\\privatekey.p12")).build();

      Directory admin =
          new Directory.Builder(httpTransport, JSON_FACTORY, credential)
              .setApplicationName("User Sync Service")
              .setHttpRequestInitializer(credential).build();

      Directory.Users.List list = admin.users().list();
      list.setDomain("mydomain.com");
      Users users = list.execute();
      System.out.println("************");
    } catch (Exception e) {
      e.printStackTrace();
    }
  }

I am getting this error

com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "access_denied"
}
    at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
    at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
    at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
    at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:269)
    at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
    at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
    at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:858)

Screenshots: enter image description here enter image description here

Improve this question
1
  • 1
    If there's any way to directly access API using username and password or some other way, please post it. :( Commented Sep 25, 2013 at 13:05

1 Answer 1

Reset to default
2

The specific error you are seeing probably means that you did not give the service account access to the Google Apps domain in the CPanel's 3rd party OAuth settings. This step is described in the Google Drive domain-wide delegation documentation (just sub in the Directory scopes).

Also, rather than using a service account, you may just want to use a regular OAuth 2.0 token for web servers or installed applications. It's still not as simple as just supplying an admin user/pass but it's simpler than service accounts and it's much more secure than user/pass access since you're scoping the access and not touching the user password directly.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

This solved the problem. Was banging my head for almost 1 week. The Google Documentation is quite misleading. Better it should be updated properly
one small help. How to log request and response in Console. is there any way to log them?
But if you use regular oauth tokens instead of a service account, you'll have to manually authorize your application when it starts, which is not comfortable, specially if you are running a Spring Boot application on Docker, which is my case.
Nico, get and store a refresh token the first time. Then you can get an access token whenever your app runs. developers.google.com/identity/protocols/oauth2/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.