Tags: google-calendar-api, google-workspace, service-accounts

Google service account: Delegate Domain-Wide Delegation of Authority to impersonate only ONE user


We need to access the Google Calendar API from a server application to create events and invite attendees. Google recommends using a service account for such applications.

The main problem here is with inviting attendees to the event, because the service account can't do it without Domain-Wide Delegation of Authority (see image).

The organization does not want to give the service account access to ALL users' data. So I'm trying to find out whether we can delegate Domain-Wide Delegation of Authority to only ONE user of the domain (i.e. restrict access to other users' data).

P.S. It's only about the Google Calendar API.



Solution

  • Actually, what it means to use a service account to access the Google Calendar API on behalf of users is that you can use a single service account to impersonate different users, one at a time. So if you want to impersonate only one user, there shouldn't be any problem. You just need to specify the user's email address to impersonate before making an authorized API call.

    After you delegate domain-wide authority to the service account, you need to prepare to make an authorized API call, where you specify the user to impersonate.

    For example, if you check Google APIs Client Library for Java - Impersonation, GoogleCredential.Builder.setServiceAccountUser(String) only accepts a single email address of the user to impersonate.



    OPTION 1: (With the use of a service account)

    If you want to use a service account in your application which can only impersonate a specific user or users, you can publish an app in the Google Apps Marketplace. Then you can restrict access to this app to specific users, or even by organization, using the admin console. See Turn on or off a Google Workspace Marketplace app for users.


    OPTION 2: (Without the use of a service account)

    You can access the Google API as a specific user rather than with a service account. You just need to enable the API and generate API keys. See the Calendar API Quickstarts on how to set up and use the API.
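As an added example (not code from the answer above or from Google's own samples), this is the single-user impersonation the answer describes, written against the Java client it names: the credential is built with setServiceAccountUser for one hard-coded user and only the Calendar events scope, so the application never requests tokens for anyone else. The service account email, key file path, user addresses and event details are assumed placeholders.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.DateTime;
import com.google.api.services.calendar.Calendar;
import com.google.api.services.calendar.CalendarScopes;
import com.google.api.services.calendar.model.Event;
import com.google.api.services.calendar.model.EventAttendee;
import com.google.api.services.calendar.model.EventDateTime;
import java.io.File;
import java.util.Arrays;
import java.util.Collections;
public class SingleUserCalendarClient {
    // Assumed placeholder values; replace with your own.
    private static final String SERVICE_ACCOUNT_EMAIL = "calendar-bot@example-project.iam.gserviceaccount.com";
    private static final File P12_KEY = new File("/path/to/service-account-key.p12");
    // The ONE Workspace user this application is allowed to act as.
    private static final String ALLOWED_USER = "organizer@example.com";
    /** Builds a Calendar client that acts as ALLOWED_USER only, with the events scope only. */
    public static Calendar calendarForAllowedUser() throws Exception {
        HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
        JsonFactory jsonFactory = GsonFactory.getDefaultInstance();
        GoogleCredential credential = new GoogleCredential.Builder()
                .setTransport(transport)
                .setJsonFactory(jsonFactory)
                .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
                // Narrowest scope that still lets the app create events and invite attendees.
                .setServiceAccountScopes(Collections.singleton(CalendarScopes.CALENDAR_EVENTS))
                // Domain-wide delegation: the token's subject is this user, not the service account.
                .setServiceAccountUser(ALLOWED_USER)
                .setServiceAccountPrivateKeyFromP12File(P12_KEY)
                .build();
        return new Calendar.Builder(transport, jsonFactory, credential).setApplicationName("single-user-calendar-client").build();
    }
    public static void main(String[] args) throws Exception {
        Calendar calendar = calendarForAllowedUser();
        Event event = new Event().setSummary("Project sync")
                .setStart(new EventDateTime().setDateTime(new DateTime("2024-06-03T10:00:00-04:00")))
                .setEnd(new EventDateTime().setDateTime(new DateTime("2024-06-03T10:30:00-04:00")))
                .setAttendees(Arrays.asList(new EventAttendee().setEmail("alice@example.com"),
                        new EventAttendee().setEmail("bob@example.com")));
        // Inserted into the impersonated user's primary calendar; that user appears as organizer.
        Event created = calendar.events().insert("primary", event).setSendUpdates("all").execute();
        System.out.println("Created event " + created.getId() + " as " + ALLOWED_USER);
    }
}
```

Note that the admin console grants domain-wide delegation to the service account's client ID for the listed scopes, so the "one user" limit here lives in the application and in who can read the key file; keep the granted scopes to the calendar scope actually used and protect the key accordingly.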