Client is unauthorized to retrieve access tokens using this method Gmail API C#

c# gmail-api

I am getting the following error when i tried to authorize gmail api using service account

"Client is unauthorized to retrieve access tokens using this method"

static async Task MainAsync()
    {

        sstageEntities db = new sstageEntities();
        //UserCredential credential;
        Dictionary<string, string> dictionary = new Dictionary<string, string>();    
String serviceAccountEmail =
"xxx.iam.gserviceaccount.com";

        var certificate = new X509Certificate2(
            AppDomain.CurrentDomain.BaseDirectory +
              "xxx-8c7a4169631a.p12",
            "notasecret",
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

        //string userEmail = "[email protected]";

        ServiceAccountCredential credential = new ServiceAccountCredential(
            new ServiceAccountCredential.Initializer(serviceAccountEmail)
            {
                User = "[email protected]",
                Scopes = new[] { "https://mail.google.com/" }
            }.FromCertificate(certificate)
        );


        // Create Gmail API service.
        var gmailService = new GmailService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = ApplicationName,
        });

        // Define parameters of request.

        var emailListRequest = gmailService.Users.Messages.List("[email protected]");
        emailListRequest.LabelIds = "INBOX";
        emailListRequest.IncludeSpamTrash = true;
        emailListRequest.Q = "from:[email protected] is:unread";



        //Get our emails
        var emailListResponse = await emailListRequest.ExecuteAsync();

I am using the p12 key which i got while creating service account.But when i run my console app the following error occurs.Any help would be really appreciated.

Thanks in advance !


The service account needs to be authorized or it cant access the emails for the domain.

"Client is unauthorized to retrieve access tokens using this method"

Means that you have not authorized it properly check Delegating domain-wide authority to the service account


FWIW, since I'm too new to comment, DalmTo and Shane's answers pointed me in the right direction for my problem, which was that new functionality that I had added to an existing script (PHP) needed authorization of additional scopes for the service account. In my case, I'm working with the GMail API.

Besides the path mentioned in the Google documentation page that Shane cited, you can also go to https://admin.google.com/ac/owl/domainwidedelegation, where you can manage domain-wide delegation in a slightly different interface (I actually prefer it). I got to that page via Security > API Permissions, then clicking on the notice about those settings moving to App Access Control, where there's a "Manage Domain Wide Delegation" link at the bottom.

Related

How can I do something like: USE @databaseName
Why does assigning to True/False not work as I expect?
constexpr initializing static member using static function
Sort multi-dimensional array by specific key
Formatting a Duration in Java 8 / jsr310
Importing modules using ES6 syntax and dynamic path [duplicate]
Field \"me\" of type \"User\" must have a selection of subfields
Can we use any other TAG inside <ul> along with <li>? [duplicate]
How to use Events with Option Button Controls on Userform [duplicate]
Retrieve String out of addValueEventListener Firebase
jqgrid dynamic columns and data by json [duplicate]
Count the occurences a particular integer has in an array [duplicate]