Access granted : false

[jonathanVeyssiere]

Hello,

I have an issue with the usage of this library aiming at using a service account with a wide delegation on corporate email. I'd like to generate a token usable to proceed to an api call made in the name of one of my user using AppScrit (impersonate).

I proceed to the previous steps below :

1. Create a service account
2. Authorize the client_id on Admin console for the dedicated api scope on wide delegation
3. Create and download a JSON key attached to that service account
4. Enable the dedicated API on the GCP project (Google Analytics API)

It is only working when the setIssuer(...............) and .setSubject(...............) are with the json.client_email.

Do you know how to handle such requests with App script ? How can I make a such a call ?

Sample of the test code :

function getUserToken() {
var json = {
"type": "service_account",
"project_id": "....................",
"private_key_id": "....................",
"private_key": "....................",
"client_email": "....................",
"client_id": "....................",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "....................",
"client_x509_cert_url": "...................."
}
var service = getOAuthService(json);
service.reset();
Logger.log(service.getAccessToken());
if (service.hasAccess()) {
Logger.log(service.getAccessToken());
}
}

function getOAuthService(json) {
return OAuth2.createService("Service Account")
.setTokenUrl('https://accounts.google.com/o/oauth2/token')
.setPrivateKey(json.private_key)
.setIssuer(json.client_email)
.setSubject("....................")
.setPropertyStore(PropertiesService.getScriptProperties())
.setParam('access_type', 'offline')
.setScope('https://www.googleapis.com/auth/analytics.readonly');
}

function reset(json) {
var service = getOAuthService(json);
service.reset();
}

[erickoledadevrel]

For step #2, did you follow the directions here?