Can you share the code with which you are asking for authorization? 9 out of 10 times, if each user in the domain is getting prompted, that is because you are asking for “offline” access. Domain wide authorization cannot be done for offline access. In Python for instance, you can do that like this – … Read more
To fix, I revoked access to the app at https://accounts.google.com/IssuedAuthSubTokens and retried after which, I was able to access the API correctly. Despite having the scope in the list, and the scope showing up on Google’s OAuth2 grant page, the additional scope wasn’t granted.
I think G does this when your app requests a token and there is still a valid access or refresh token for the user for the scopes in question. The solution is to revoke tokens when you’re done with them (either on user logout or immediately after authenticating the user) by issuing this request: https://accounts.google.com/o/oauth2/revoke?token={token} … Read more
This is not currently supported. I filed a feature request and will update on progress. Update: Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced … Read more
If you want to change the email address that is displayed to the user you have to: Add permission for the new email address to handle the project: Menu > IAM & Admin > IAM, then click on the Add button, enter the email address and select Role > Project > Owner Accept the invitation … Read more
I use the following C# code for accessing Gmail from Service Account String serviceAccountEmail = “999999999-9nqenknknknpmdvif7onn2kvusnqct2c@developer.gserviceaccount.com”; var certificate = new X509Certificate2( AppDomain.CurrentDomain.BaseDirectory + “certs//fe433c710f4980a8cc3dda83e54cf7c3bb242a46-privatekey.p12”, “notasecret”, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); string userEmail = “[email protected]”; ServiceAccountCredential credential = new ServiceAccountCredential( new ServiceAccountCredential.Initializer(serviceAccountEmail) { User = userEmail, Scopes = new[] { “https://mail.google.com/” } }.FromCertificate(certificate) ); if (credential.RequestAccessTokenAsync(CancellationToken.None).Result) { GmailService … Read more
Google has dropped support for the accepted answer above! After April 20th 2017 use of the In-App browser as described by @Deep Mehta will no longer be supported. If you use the accepted answer then it is going to start failing very soon. Here’s Google’s post about the change: https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html Luckily there’s a new plugin … Read more
Answer: These checkboxes are due to the rolling out of a new granular account permission system, they are completely normal, and can not be turned off. More Information: After some digging, I discovered this Google Developers blog post from 2018 in which it is discussed that in the new permission system, users will have the … Read more
Answer: You need to pass your Service Account private key obtained from the GCP console to your JWT Client, and specify which user you wish to impersonate as a subject. Code: After getting your private key, you need to pass this into your JWT Client before authorisation: let google = require(‘googleapis’); let privateKey = require(“./privatekey.json”); … Read more
This method uses the Gmail API, the OAuth2 for Apps Script library, and “Domain-wide Delegation of Authority”, which is a way for G Suite admins to make API calls on behalf of users within their domain. Step 1: Make sure the OAuth2 For Apps Script library is added to your project. Step 2: Set up … Read more