So I have setup my service account with domain wide delegation as described in this post Perform G Suite Domain-Wide Delegation of Authorit. In G Suite Admin Console I have authorized the service account to use the OAuth 2.0 scope:
https://www.googleapis.com/auth/calendar.
Every time I try to create an event I end up with this error
GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "calendar",
"message" : "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority.",
"reason" : "forbiddenForServiceAccounts"
} ],
"message" : "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority."
}
new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(json.get("client_id").getAsString)
.setServiceAccountPrivateKeyId(json.get("private_key_id").getAsString)
.setServiceAccountPrivateKey(getPrivateKeyFromPkcs8(jsonCreds.get("private_key").getAsString))
.setServiceAccountScopes(SCOPES)
.build()
This building the google credential. No impersonation is used, and the calendar is shared with the service account.
Contacted G Suite support and any service accounts made after March 2, 2020 will no longer be able to invite guests to events without using impersonation.