Search code examples

Google Service Account Delegation 404 error

I am attempting to authenticate with a service account to work on behalf of a user account on the domain. I have delegated admin access and added to the GSuite console. I can get an access token with the below but the making batch requests to copy drive files returns "code: 404, message: 'File not found:". The below code is writted in Google Apps Script. Am I missing something form the process to creating and authenticating the service account?

    var CREDENTIALS = {
      private_key: "-----BEGIN PRIVATE KEY----- XXXXXXX \n-----END PRIVATE KEY-----\n",
      client_email: "[email protected]",
      client_id: "1XXXXXXXXXXXXXXXX",
      user_email: "[email protected]",
      scopes: ["","","",""]

    function oAuthToken(){
          var url = "";
          var header = {
            alg: "RS256",
            typ: "JWT",
          var now = Math.floor( / 1000);
          var claim = {
            iss: CREDENTIALS.client_id,
            sub: CREDENTIALS.user_email,
            scope: CREDENTIALS.scopes.join(" "),
            aud: url,
            exp: (now + 3600).toString(),
            iat: now.toString(),
          var signature = Utilities.base64Encode(JSON.stringify(header)) + "." + Utilities.base64Encode(JSON.stringify(claim));
          var jwt = signature + "." + Utilities.base64Encode(Utilities.computeRsaSha256Signature(signature, CREDENTIALS.private_key));

          var params = {
            method: "post",
            payload: {
              assertion: jwt,
              grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
          var res = UrlFetchApp.fetch(url, params).getContentText();
          return JSON.parse(res)

The batch process is a bit rough but this is the gist of it.

var request={

var backoff =0

function batch(request) {
  var oAuth=oAuthToken().access_token
  var url =''+request.batchPath
  var body =request.requests
    return []
  var boundary = 'xxxxxxxxxx';
  var contentId = 0;
  var data = '--' + boundary + '\r\n';

  for (var i in body) {
    if(typeof body[i]=='object'){
      data += 'Content-Type: application/http\r\n';
      data += 'Content-ID: ' + ++contentId + '\r\n\r\n';
      data += body[i].method + ' ' + body[i].endpoint + '\r\n';
      data += body[i].requestBody ? 'Content-Type: application/json; charset=utf-8\r\n\r\n' : '\r\n';
      data += body[i].requestBody ? JSON.stringify(body[i].requestBody) + '\r\n' : '';
      data += "--" + boundary + '\r\n';

  var parseBatchRes = function(res) {
    var splittedRes = res.split('--batch');
    return splittedRes.slice(1, splittedRes.length - 1).map(function(e) {
      return {
        contentId: Number(e.match(/Content-ID: response-(\d+)/)[1]),
        status: Number(e.match(/HTTP\/\d+.\d+ (\d+)/)[1]),
        object: JSON.parse(e.match(/{[\S\s]+}/)[0]),

  var payload = Utilities.newBlob(data).getBytes();
  var head = {Authorization: 'Bearer ' + oAuth}
  var options = {
    method: 'POST', 
    contentType: 'multipart/mixed; boundary=' + boundary,
    payload: payload,
    headers: head,
    muteHttpExceptions: false
  var complete=false;
  var finalResponse=[];
  for (var n=0; n<=backoff; n++) {
    var complete = true
    var response =UrlFetchApp.fetch(url, options).getContentText();
    for(var j=0;j<response.length;j++){
        var complete = false


  • Add the supportsAllDrives = true query parameter to the request.

    The parameters indicates whether the requesting application supports both My Drives and shared drives and the default value for this is false.
