0

I'm following the documentation from Google on how to create a user through the API, but I cannot figure out what I'm missing.

This is the code I'm using:

    // Requires the Google.Apis.Admin.Directory.directory_v1 NuGet package.
    using System;
    using System.Security.Cryptography.X509Certificates;
    using Google.Apis.Admin.Directory.directory_v1;
    using Google.Apis.Auth.OAuth2;
    using Google.Apis.Services;

    string SERVICE_ACCOUNT_PKCS12_FILE_PATH = @"myfile.p12";
    string SERVICE_ACCOUNT_EMAIL = "[email protected]";

    void CreateUser()
    {
        // Load the service account's private key from the PKCS#12 file.
        var certificate = new X509Certificate2(SERVICE_ACCOUNT_PKCS12_FILE_PATH, "notasecret", X509KeyStorageFlags.Exportable);

        // Credential for the service account itself; no user is impersonated here.
        ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer(SERVICE_ACCOUNT_EMAIL)
           {
               Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser }
           }.FromCertificate(certificate));

        var service = new DirectoryService(
            new BaseClientService.Initializer()
            {
                HttpClientInitializer = credential,
                ApplicationName = "apitest"
            });

        // New user built from the form fields.
        var user = new Google.Apis.Admin.Directory.directory_v1.Data.User()
        {
            Name = new Google.Apis.Admin.Directory.directory_v1.Data.UserName()
            {
                GivenName = txtName.Text,
                FamilyName = txtFamilyName.Text
            },
            Password = txtPasword.Text,
            PrimaryEmail = txtEmail.Text
        };

        try
        {
            var result = service.Users.Insert(user).Execute();
        }
        catch (Exception ex)
        {
            // ex is the 403 RequestError shown below.
        }
    }

At this point I always get:

    Google.Apis.Requests.RequestError
    Not Authorized to access this resource/api [403]
    Errors [
    Message[Not Authorized to access this resource/api] Location[ - ] Reason[forbidden] Domain[global]
    ]

I've enabled the Admin SDK API and created a service account, which is the one I'm using here.

2
  • possible duplicate of Google Admin SDK Unable to Create User - Exception 403 Forbidden Commented Aug 5, 2014 at 8:09
  • Note: I am not even sure you can do this. Assuming you could, the service account would need access to whatever domain it is you are trying to add users to. You may be able to take the service account email address and add that as an admin, giving it the permissions needed to add users. Commented Aug 5, 2014 at 8:10

1 Answer

1

The trick to the above code is that I forgot to add the admin account email on the credentials.

This code will fix the problem:

    ServiceAccountCredential credential = new ServiceAccountCredential(
        new ServiceAccountCredential.Initializer(SERVICE_ACCOUNT_EMAIL)
        {
            Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser },
            User = "[email protected]"
        }.FromCertificate(certificate));

1 Comment

Thanks so much for this. I was banging my head against the wall for a bit.
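
The fix from the answer written out as a complete helper (an added example, not code from the original post): it sets `User` so the service account acts as a domain admin, and reports the two authorization failures separately instead of swallowing them. The class name, method names and the `adminEmail` parameter are hypothetical, and it assumes the service account's client ID has been authorized for domain-wide delegation with this scope in the Admin console.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Google;
using Google.Apis.Admin.Directory.directory_v1;
using Google.Apis.Admin.Directory.directory_v1.Data;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Services;

// Added example; class, method and parameter names are hypothetical.
static class DelegatedDirectory
{
    // adminEmail: a domain admin allowed to create users, impersonated by the service account.
    public static DirectoryService Create(string serviceAccountEmail, string p12Path, string adminEmail)
    {
        if (string.IsNullOrWhiteSpace(adminEmail))
            throw new ArgumentException("An admin user to impersonate is required.", nameof(adminEmail));
        var certificate = new X509Certificate2(p12Path, "notasecret", X509KeyStorageFlags.Exportable);
        var credential = new ServiceAccountCredential(
            new ServiceAccountCredential.Initializer(serviceAccountEmail)
            {
                Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser }, // only the scope needed
                User = adminEmail // omitted in the question's code, which led to the 403
            }.FromCertificate(certificate));
        return new DirectoryService(new BaseClientService.Initializer
        {
            HttpClientInitializer = credential,
            ApplicationName = "apitest"
        });
    }

    public static User InsertUser(DirectoryService service, User user)
    {
        try
        {
            return service.Users.Insert(user).Execute();
        }
        catch (TokenResponseException ex)
        {
            // The token endpoint refused the delegated token request.
            throw new InvalidOperationException("Token request rejected (" + ex.Error.Error +
                "): check domain-wide delegation and the authorized scopes.", ex);
        }
        catch (GoogleApiException ex) when (ex.HttpStatusCode == HttpStatusCode.Forbidden)
        {
            // A token was issued, but the identity it represents may not create users.
            throw new UnauthorizedAccessException(
                "Directory API returned 403: check the impersonated user's admin privileges.", ex);
        }
    }
}
```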
