Need Help With Integrating Google Admin SDK, Directory API

nicholasrbarrow · 2020-11-26T04:24:56.156Z

I’m using the Google Easy JWT Token to return a Bearer.
I’m looking for how to turn that bearer into an API request to pull (1) a list of my users and (2) a list of my groups.
The service account seems to be working, but I don’t know how to structure my API request.
I.E.: what authentication type, headers, etc.
Any help is greatly appreciated!

NigelG · 2020-11-26T09:40:47.814Z

If you have a bearer token then in the Header add the following pair

Authorization
Bearer xxxxxxxxxxxxxxxxx

Just pick “None or Self Handled”

image792×254 9.93 KB

nicholasrbarrow · 2020-11-27T04:50:44.656Z

@NigelG Thanks for that!

Not sure how familiar you are with the Google side, but I have it setup to look like this as you suggest (I’m generating the token and copying/pasting for now):

Screen Shot 2020-11-26 at 11.47.03 PM1722×594 50.3 KB

I have the call set to this:

Screen Shot 2020-11-26 at 11.48.28 PM1722×1096 85.1 KB

Based on this:

Google for Developers

Administrar las cuentas de usuario | Admin console...

I know my Google end is correct scope wise, etc., but keep getting this error:

Screen Shot 2020-11-26 at 11.50.05 PM1722×1096 67.8 KB

Thanks for any help/advice you can provide!

NigelG · 2020-11-27T10:05:09.781Z

A service account is not an admin, and you need admin access.

Perform Google Workspace Domain-Wide Delegation of Authority

nicholasrbarrow · 2020-11-27T21:33:37.904Z

Okay that makes more sense. I’ll try adding sub to the claim set to so the service account can impersonate me. Thanks so much! Huge help!