4

I'm trying out a (node.js) sample app to authenticate against Google API and then make a Google Drive request. The sample I am trying to run is from the github readme of the googleapis node.js library using jwt:

var jwtClient = new googleapis.auth.JWT(
 '[email protected]',
 './key.pem',
 null,
 ['https://www.googleapis.com/auth/drive'],
 '[email protected]');
jwtClient.authorize(function(err, tokens) {
 if (err) {
 console.log(err);
 return;
 }
 // Make an authorized request to list Drive files.
 drive.files.list({ auth: jwtClient }, function(err, resp) {
 // handle err and response
 });
});

Authentication fails with:

{ error: 'unauthorized_client',
 error_description: 'Unauthorized client or scope in request.' }

I'm not 100% sure about the '[email protected]'. Using my Client ID, I receive the error 'Invalid impersonation prn email address.'.

I have created service account client ID, service email and certificate fingerprints according to documentation. Do I have to specify additional things? Is my scope incorrect? If it is, what should it be?

Google Drive API is enabled in the Google Developer Console. I also activated the trial account.

asked Jan 15, 2015 at 3:14

1 Answer 1

13

Ugh, after trying many things, the result is rather simple: doing the above sample without 'impersonate'-email it just worked. Code: 

var jwtClient = new googleapis.auth.JWT(
 '[email protected]',
 './key.pem',
 null,
 ['https://www.googleapis.com/auth/drive']);

The example from the readme is available as a complete file inside examples (here).

answered Jan 15, 2015 at 6:34
Sign up to request clarification or add additional context in comments.

7 Comments

i know this is old - but have you tried this developers.google.com/admin-sdk/reports/v1/guides/delegation to allow 'impersonate'?
@DaveBriand: well, it's not that long ago. But I already start to forget. For my purpose the imporsonate is not required (frankly, I'm not quite sure when it is). My use case is a rather simple one (accessing public drive data).
OH MY GOSH thank you. I have been at this for hours... you genius you.
I should be allowed to upvote a 2nd time. This saved me once and apparently one of my stashes wasn't updated properly and it just saved me again. I was including an email address as one more parameter after the scopes and this made me realize that was the problem.
For the record, it looks like the problem library is here or the underlying libraries. I see where the subject is set, but unless there's something I'm missing on the other side to enable impersonation, something here isn't right. github.com/google/google-auth-library-nodejs/blob/master/lib/…
|

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.