Gsuite Service Account Key Authentication

How to perform Gsuite service account key authentication?

Issue Description: When uploading a file or creating a folder inside a Google Drive folder that is shared with edit access to the Google Drive service account, using Gsuite activities with a service account key (JSON) as the authentication type, the activity is unable to locate the folder or files in the Google Drive folder shared with me.


Resolution: The following steps create a service account and its credentials, which are required for Google Workspace domain-wide delegation of authority. The code uses the credentials created here to authorize the actions the service account takes.

  1. Open the Service accounts page. If prompted, select a project.
  2. Click Create Service Account, then enter a name and description for the service account. Use the default service account ID, or choose a different, unique one. When done, click Create.
  3. The Service account permissions (optional) section that follows is not required. Click Continue.
  4. On the Grant users access to this service account screen, scroll down to the Create key section. Click Create key.
  5. In the side panel that appears, select the format for your key: JSON is recommended.
  6. Click Create. The new public/private key pair is generated and downloaded to the machine; it serves as the only copy of this key. For information on how to store it securely, see Managing service account keys.
  7. Click Close on the Private key saved to your computer dialog, then click Done to return to the table of the service accounts.

Delegate Domain-Wide Authority to the Service Account

To access user data on a Google Workspace domain, the service account that is created needs to be granted access by a super administrator for the domain. For more information about domain-wide delegation, see Control Google Workspace API access with domain-wide delegation.

To delegate domain-wide authority to a service account:

  1. From the Google Workspace domain’s Admin console, go to Main menu > Security > Access and data control > API controls.
  2. In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  3. Click Add new.
  4. In the Client ID field, enter the client ID obtained from the service account creation steps above.
  5. In the OAuth Scopes field, enter a comma-delimited list of the scopes required for your application (for a list of possible scopes, see Authorize requests).
  6. For example, if you require domain-wide access to Users and Groups, enter:
     • https://www.googleapis.com/auth/admin.directory.user
     • https://www.googleapis.com/auth/admin.directory.group
     • https://www.googleapis.com/auth/drive.file
     • https://www.googleapis.com/auth/drive
     • https://www.googleapis.com/auth/drive.appdata
  7. Click Authorize.
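The following is an added example, not part of the original article or of any vendor tooling: a small Python check that reads the downloaded JSON key, extracts the value for the Client ID field, builds the comma-delimited OAuth Scopes string, and flags the broad scopes from the list above for review before they are authorized domain-wide. The function name `delegation_inputs` and the sample key are constructed for illustration; the field names are assumed to follow the standard service account JSON key layout.

```python
import json

# Fields expected in a service account key downloaded in JSON format.
REQUIRED = ("type", "client_email", "client_id", "private_key_id", "private_key")
# Broad scopes from the list above, with the narrower alternative to consider.
BROAD = {
    "https://www.googleapis.com/auth/drive":
        "full access to all Drive files; drive.file covers only files created or opened with the app",
    "https://www.googleapis.com/auth/admin.directory.user":
        "read/write on users; admin.directory.user.readonly exists for read-only use",
    "https://www.googleapis.com/auth/admin.directory.group":
        "read/write on groups; admin.directory.group.readonly exists for read-only use",
}


def delegation_inputs(key_text, scopes):
    """Return the Client ID and OAuth Scopes field values plus review warnings."""
    key = json.loads(key_text)
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        raise ValueError("key file is missing fields: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("not a service account key: type=" + repr(key["type"]))
    cleaned, warnings = [], []
    for raw in scopes:
        scope = raw.strip().rstrip(",")       # tolerate pasted trailing commas
        if not scope or scope in cleaned:     # drop blanks and duplicates
            continue
        cleaned.append(scope)
        if scope in BROAD:
            warnings.append(scope + ": " + BROAD[scope])
    # The private key is deliberately never copied into the result.
    return {
        "client_id": key["client_id"],
        "service_account": key["client_email"],
        "oauth_scopes": ",".join(cleaned),
        "warnings": warnings,
    }


# Constructed sample key with placeholder values, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0000placeholder", "private_key": "PLACEHOLDER",
    "client_email": "uploader@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000001",
})

if __name__ == "__main__":
    print(delegation_inputs(SAMPLE_KEY, ["https://www.googleapis.com/auth/drive.file"]))
```

Any scope authorized here applies to every user the service account can impersonate in the domain, so each warning is worth resolving before clicking Authorize.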

Refer to the screenshot below for the sample Gsuite configuration. After this, try to use the Gsuite-related activities.