I am trying to use Gsuite Application Scope for Get Mail Message Activity and use Service Account Key as authentication method.
I tried with following ways:
Get a service account key in .p12 format, updated key path, service account email and password
Error Received: Precondition check failed [400]
Get a service account key in json format, updated key path.
Error Received: Precondition check failed [400]
After reading some of the Forum posts, checked Has Domain Wide Access checkbox, and gave my personal email address as User’s email
Error Received: Unauthorized email address
Can anyone help me with following questions:
How to solve this precondition check failed when using Service account key authentication in .p12 format? Not getting what I am doing wrong here?
When using Account key in JSON format and checking HasDomainWideAccess, can you tell me which user’s email address we need to provide (Personal gmail address?). In Google console under the service account which I am using there is Domain Wide Delegation option under Advanced Settings, but i couldn’t find any option to enable it. Seems it is only available for Google Workspace account.
If roles/permission needs to be setup for Service account key authentication, how to do it, what roles do I need to set up. I tried with Service Account Admin and Key Admin but received same error (Precondition check failed)
In configuration scope for Gsuite in UiPath - mail.google.com and auth/drive scopes are checked.
Precondition Check Failed with .p12 Format:
The “Precondition Check Failed” error generally indicates that there’s an issue with the authentication or authorization process. Some possible reasons for this error could include:
Incorrect path to the .p12 key file.
Incorrect service account email or password.
Incorrectly configured scopes in UiPath.
Double-check that you’ve provided the correct path to the .p12 key file, the service account email, and password. Also, ensure that you have selected the appropriate scopes required for your intended operations (e.g., reading mail).
Account Key in JSON Format and HasDomainWideAccess:
If you are using a JSON format key and trying to enable domain-wide delegation, it’s important to note that domain-wide delegation is generally intended for Google Workspace (formerly G Suite) accounts, not personal Gmail accounts. When enabling domain-wide delegation, you would provide the email address of a super admin or admin account from your Google Workspace domain, not a personal Gmail address.
Setting Up Roles/Permissions for Service Account:
The roles you need to set up depend on the specific tasks the service account needs to perform. For accessing Gmail, you typically need the appropriate Gmail scopes. The https://www.googleapis.com/auth/gmail.readonly scope might be relevant for reading mail.
If you’re encountering permission issues, here’s a general outline of what you might do in the Google Cloud Console:
Go to IAM & Admin > IAM.
Find your service account and click on it.
Click the “+ Add Member” button.
Enter the email of the service account and assign relevant roles like “Gmail Read” or custom roles.
If I add a scope of “https://www.googleapis.com/auth/gmail” then the error is: Get Mail Messages: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential [401]
