Answer: You need to enable the APIs and provide scopes in three places: in your auth code, in the GCP console, and the Google Admin console. More Information: As I explained in the comments, the code you have provided should run without issue. The Insufficient Permission: Request had insufficient authentication scopes. error is a result … Read more
So I was half-step close to the solution, the problem was that while creating const jwtClient = new google.auth.JWT(googleKey.client_email, null, googleKey.private_key, [‘https://www.googleapis.com/auth/gmail.send’], null); i did not mention the account to be impersonated. The correct initialization should be: const jwtClient = new google.auth.JWT(googleKey.client_email, null, googleKey.private_key, [‘https://www.googleapis.com/auth/gmail.send’], ‘user@domain.com’); To summarize, the correct steps are: Created a project … Read more
I use the following C# code for accessing Gmail from Service Account String serviceAccountEmail = “999999999-9nqenknknknpmdvif7onn2kvusnqct2c@developer.gserviceaccount.com”; var certificate = new X509Certificate2( AppDomain.CurrentDomain.BaseDirectory + “certs//fe433c710f4980a8cc3dda83e54cf7c3bb242a46-privatekey.p12”, “notasecret”, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); string userEmail = “user@domainhere.com.au”; ServiceAccountCredential credential = new ServiceAccountCredential( new ServiceAccountCredential.Initializer(serviceAccountEmail) { User = userEmail, Scopes = new[] { “https://mail.google.com/” } }.FromCertificate(certificate) ); if (credential.RequestAccessTokenAsync(CancellationToken.None).Result) { GmailService … Read more
Answer: You need to pass your Service Account private key obtained from the GCP console to your JWT Client, and specify which user you wish to impersonate as a subject. Code: After getting your private key, you need to pass this into your JWT Client before authorisation: let google = require(‘googleapis’); let privateKey = require(“./privatekey.json”); … Read more