google-api-php-client google-admin-sdk google-directory-api

Google Directory API with PHP Client Library gives 403


I have gone over several questions regarding the Directory API and the PHP Client lib, but none helped. The closest one was this one: Google Apps Admin SDK Directory API 403 in PHP. However, the problem still persists.

I cannot access the Directory API (Admin SDK) using the PHP client Library.

I CAN access the Email Settings API.

They are both related to the Admin SDK, so I do not understand why when I access the email settings API I get a token, but when I try to access the Directory API I get 403 "Requested client not authorized."

The code is

    $scopes = array(
        'https://www.googleapis.com/auth/admin.directory.user',
        'https://apps-apis.google.com/a/feeds/emailsettings/2.0/'
    );
    $auth = new Google_Auth_AssertionCredentials(
        G_CLIENT_EMAIL, $scopes, file_get_contents(G_CLIENT_KEY_PATH),
        'notasecret',
        'http://oauth.net/grant_type/jwt/1.0/bearer',
        'my.superadmin@account.com', false
    );

What am I missing?

ALSO: How the heck do you use the logging/debugging class in PHP Client lib? I see the abstract class but could not figure out how to use it. In the end I just placed my own print statements in Curl.php to inspect what was going on.


Solution

  • I found the error. Initially I thought of deleting the question out of shame, but it might help someone else save a few hours.

    Basically in the project console, there are 2 client IDs, a native App ID and a service account ID.

    When I extended the project's scope, I used the wrong client ID in the domain control panel. Even though it was something I checked over and over again, it was not something I saw until I was preparing a document for Google Support. Only when I copied and pasted what I placed in the control panel below what I saw in the project console, I saw that only the first set of digits matched.

    wooops.
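
The mismatch described in the answer can be caught before requesting a token by comparing the scopes the code asks for against what the domain control panel lists for the service account's client ID. The following is an added example, not code from the original post or from the Google client library. The function name `checkDelegation`, the `<digits>-<suffix>` client ID shape (inferred from "only the first set of digits matched") and all sample IDs are assumptions constructed for illustration.

```php
<?php
/**
 * Hypothetical helper: report requested scopes that the control panel does not
 * grant to the service account's client ID, and say whether a different
 * client ID holds them instead.
 * $panelEntries maps client ID => comma-separated scope list as typed in the panel.
 */
function checkDelegation(string $serviceClientId, array $requestedScopes, array $panelEntries): array
{
    // Split a comma-separated scope list and drop surrounding whitespace.
    $parse = function (string $list): array {
        return array_filter(array_map('trim', explode(',', $list)), 'strlen');
    };
    $granted  = $parse($panelEntries[$serviceClientId] ?? '');
    $missing  = array_values(array_diff($requestedScopes, $granted));
    // Assumed ID shape "<digits>-<suffix>": client IDs of one project share the digits.
    $prefix   = strstr($serviceClientId, '-', true);
    $problems = [];
    foreach ($missing as $scope) {
        $msg = "Not authorized for $serviceClientId: $scope";
        foreach ($panelEntries as $clientId => $scopes) {
            if ($clientId !== $serviceClientId && in_array($scope, $parse($scopes), true)) {
                $sameProject = $prefix !== false && strstr($clientId, '-', true) === $prefix;
                $msg .= " (granted to $clientId instead"
                      . ($sameProject ? ', which shares only the leading digits' : '') . ')';
            }
        }
        $problems[] = $msg;
    }
    return $problems;
}

// Constructed sample values: the new scope was added under the native app's
// client ID, so the service account still has only the Email Settings scope.
$serviceId = '123456789012-serviceacct.apps.googleusercontent.com';
$requested = [
    'https://www.googleapis.com/auth/admin.directory.user',
    'https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
];
$panel = [
    $serviceId => 'https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
    '123456789012-nativeapp.apps.googleusercontent.com' =>
        'https://www.googleapis.com/auth/admin.directory.user, '
        . 'https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
];
$problems = checkDelegation($serviceId, $requested, $panel);
echo $problems ? implode(PHP_EOL, $problems) . PHP_EOL : 'Delegation entry matches.' . PHP_EOL;
```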