I'm trying to get API access with the service account flow, but I got an error:
AccessTokenRefreshError: invalid_grant
What am I doing wrong?
```python
import httplib2
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials

SERVICE_ACCOUNT_EMAIL = '....@developer.gserviceaccount.com'
SERVICE_ACCOUNT_PKCS12_FILE_PATH = '/mnt/...privatekey.p12'
user_email = '...@customdomain.com'

# Read the service account's private key (PKCS#12 file) as raw bytes.
with open(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb') as f:
    key = f.read()

# Build JWT assertion credentials that impersonate user_email via "sub".
credentials = SignedJwtAssertionCredentials(
    SERVICE_ACCOUNT_EMAIL,
    key,
    scope=[
        'https://www.googleapis.com/auth/userinfo.email',
        'https://www.googleapis.com/auth/userinfo.profile',
        'https://www.googleapis.com/auth/calendar',
        'https://www.googleapis.com/auth/admin.directory.user',
        'https://www.google.com/m8/feeds/',
        'https://mail.google.com/',
    ],
    sub=user_email)
http = credentials.authorize(httplib2.Http())
service = build('oauth2', 'v2', http=http)
user = service.userinfo().get().execute()
```
All scopes are granted by the Google domain admin when installing the Marketplace application.
Assuming you're using Google App Engine: GAE doesn't support P12, so you need to convert the P12 to PEM via OpenSSL. If you are using Unix, you can use these commands:

```
openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem
```

Once you have the new PEM file, make sure to delete any lines (there may be four of them) prior to the "-----BEGIN PRIVATE KEY-----". Or, as an alternative, run the following command:

```
openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem
```
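
The manual cleanup step from the answer above (dropping the lines openssl prints before the BEGIN marker), as an added Python 3 example that is not part of the original post. The function names and the sample input are assumptions made for illustration; the sample key body is constructed placeholder bytes, not a real key.

```python
import base64
import os
import re

# One PEM private-key block; openssl pkcs12 prints "Bag Attributes" lines before it.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]*PRIVATE KEY)-----\r?\n"
    r"(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)


def extract_private_key(pem_text):
    """Return only the unencrypted key block (hypothetical helper name)."""
    blocks = list(PEM_BLOCK.finditer(pem_text))
    if len(blocks) != 1:
        raise ValueError("expected exactly one private key, found %d" % len(blocks))
    label, body = blocks[0].group("label"), blocks[0].group("body")
    if label.startswith("ENCRYPTED") or "Proc-Type:" in body:
        raise ValueError("key is still passphrase-protected; rerun with -nodes")
    # The body must be pure base64; this catches truncated or hand-edited files.
    b64 = "".join(body.split())
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key body is not valid base64: %s" % exc)
    if not der or der[0] != 0x30:  # DER-encoded keys start with a SEQUENCE tag
        raise ValueError("decoded key body does not look like DER")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def write_private_key(path, pem):
    """Create the key file readable by its owner only (mode 0600 on POSIX)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)


# Constructed sample of "openssl pkcs12 -nodes -nocerts" output (placeholder body).
_FAKE_BODY = base64.b64encode(b"\x30\x82" + bytes(range(70))).decode()
SAMPLE_OPENSSL_OUTPUT = (
    "Bag Attributes\n    friendlyName: privatekey\n    localKeyID: 01 02 03\n"
    "Key Attributes: <No Attributes>\n"
    "-----BEGIN PRIVATE KEY-----\n" + _FAKE_BODY + "\n-----END PRIVATE KEY-----\n"
)
```

The `-nodes` conversion leaves the key unencrypted on disk, which is why the writer creates the file with owner-only permissions; a file that already exists keeps whatever mode it had.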