This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Generated jwt token doesn't allow to access workspace buildings as a service account

Posted 2 weeks ago
kris_
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'm developing an app that uses a service account to manage events in a calendar and takes informations about the buildings set in the workspace. I'm generating a jwt token that allows me after calling https://oauth2.googleapis.com/token  to have a proper token to perform authenticated requests at google's rest api. 

This has success when I ask for event's of a specific calendar but fails with error 403 when I ask for buildings at this api endpoint https://admin.googleapis.com/admin/directory/v1/customer/ CUSTOMER_ID/resources/buildings. Is there something I'm missing?

I'm using those scopes:

And the service account has the permission 

  • Service Account Token Creator

The jwt token is generated using python with this series of commands:

 

 

# scopes is an input variable
# service_account_info is the json object obtained generating a key for the service account
scopes.append("https://www.googleapis.com/auth/cloud-platform")

# Create the JWT payload
payload = {
    'iss': service_account_info['client_email'],
    'aud': 'https://oauth2.googleapis.com/token',
    'scope': ' '.join(scopes),
    'iat': time.time(),
    'exp': time.time() + 3600
}

signer = google.auth.crypt.RSASigner.from_service_account_info(service_account_info)
jwt_token = google.auth.jwt.encode(signer, payload)

 

 

The request to the rest api is a GET with in the headers an Autorization: Bearer {jwt}

2 0 15
Topic Labels
0 REPLIES 0