I would like to rig things so that my GCP service account can invite users to calendar events. So for example [email protected] would invite [email protected] to an event. It seems to me that this should be possible simply by giving [email protected] permission to use the Calendar API, without having [email protected] grant any additional permissions.
I tried to implement this example, but replaced the compute scope and the compute API calls with the calendar scope and calendar API calls. My code is returning the error
Insufficient Permission: Request had insufficient authentication scopes.
I've poked around on the internet a bunch, and I cannot tell if the problem is that I did something wrong or if the problem is that Google does not support what I'm trying to do.
Here is my code:
const {google} = require('googleapis');
const compute = google.compute('v1');
const {GoogleAuth} = require('google-auth-library');
async function main() {
const auth = new GoogleAuth({
scopes: ['https://www.googleapis.com/auth/calendar',
'https://www.googleapis.com/auth/compute']
});
//keeping the compute stuff in as a sanity check
//to ensure that the problem is with calendar, not something more general
const authClient = await auth.getClient();
const project = await auth.getProjectId();
const res = await compute.zones.list({project, auth: authClient});
console.log(res.data);
createEvent(auth);
}
/**
* Lists the next 10 events on the user's primary calendar.
* @param {google.auth.OAuth2} auth An authorized OAuth2 client.
*/
function createEvent(auth) {
const calendar = google.calendar({version: 'v3', auth});
calendar.events.insert({
calendarId: 'primary',
event: {
"description": "my test event",
"start": {
"date": "2020-05-20",
},
attendees: [{email: "[email protected]"}]
}
}
);
}
main().catch(console.error);
You need to enable the APIs and provide scopes in three places: in your auth code, in the GCP console, and the Google Admin console.
As I explained in the comments, the code you have provided should run without issue. The Insufficient Permission: Request had insufficient authentication scopes. error is a result of the service account not being given access to the required scopes somewhere on Google's side.
Make sure you have completed the following steps:
const auth = new GoogleAuth({
scopes: ['https://www.googleapis.com/auth/calendar',
'https://www.googleapis.com/auth/compute']
});
Security > Advanced Settings > Manage API client access UI elements, and assigning all scopes the service account needs to the service account client ID.Note: This final step must be done by a domain admin and can not be done by anyone who is not.
In this case, you will need to contact your domain admin to give your project API access.