2

I have a Google Apps account. I am trying to manipulate a users Calendar within this account.

  • I have created the Project, added the Calendar API service and created a Service Account OAuth 2.0 Client ID through the API console.
  • I have added that generated Email address to the Calendar through the Calendar settings to share the calendar.
  • I have followed the steps suggested to Manage the API access. The client name is the same domain that the Google Apps account is on, and the scope is "https://www.googleapis.com/auth/calendar".
  • Through various sources I was able to compile a script that allows me to read the nominated calendars events and add events to it.

What I cant do is create a sub calendar. I have read through, https://developers.google.com/accounts/docs/OAuth2ServiceAccount, and am attempting to send through the "prn".

This is where the script fails with; Error refreshing the OAuth2 token, message: '{ "error" : "access_denied" }'. If I remove the prn, then all is "good". The calendars just get created under the developer email. Code:

<?
ini_set('display_errors', 1);

session_start();

require_once 'google-api-php-client/src/Google_Client.php';
require_once 'google-api-php-client/src/contrib/Google_CalendarService.php';


const CLIENT_ID = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com';
const SERVICE_ACCOUNT_NAME = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@developer.gserviceaccount.com';
const MY_EMAIL  = '[email protected]';
const KEY_FILE = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx-privatekey.p12';

$client = new Google_Client();
$client->setClientId(CLIENT_ID);
$client->setApplicationName("My App");
$client->setAccessType('offline');
$client->setUseObjects(true);

if (isset($_SESSION['token'])) {
 $client->setAccessToken($_SESSION['token']);
}

$key = file_get_contents(KEY_FILE);

if (isset($_SESSION['token'])) {
    $client->setAccessToken($_SESSION['token']);
} else {
    $client->setAssertionCredentials(new Google_AssertionCredentials(
        SERVICE_ACCOUNT_NAME,
        array('https://www.googleapis.com/auth/calendar'),
        $key,
        'notasecret',
        'http://oauth.net/grant_type/jwt/1.0/bearer',
        MY_EMAIL)
    );  
}

// even tried setting the email here
$client->setClientId(MY_EMAIL);

$calendar = new Google_Calendar();
$calendar->setSummary('calendarx');
$calendar->setTimeZone('Australia/Brisbane');
$createdCalendar = $cal->calendars->insert($calendar);
?>

Any help would be greatly appreciated.

Improve this question

1 Answer 1

Reset to default
1

The prn field works only with hosted domains, if the domain administrator enabled your application (based on client id) to impersonate users.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I am the domain administrator, and I have enabled the application following these steps; developers.google.com/accounts/docs/…. Isnt that for OAuth applications? Not OAuth 2.0? The application and the Google Apps account are under the same domain.
Thank you for your answer. The penny finally dropped with the help of some other info as well. I was using the domain that the Google Apps account was on as the Client Id. Not the Client Id that was generated when I created the API Project. Doh!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.