GoogleCredential created by json private key file (ServiceAccount) - how to configure a user to issue itself?

Question

GoogleCredential created by json private key file (ServiceAccount) - how to configure a user to issue itself?

Only starting with Google Apis. In my Google Cloud Platform account, I created a service account for domain delegation. I saved the private key file in json format for this service account.

In my test application, I create an instance of GoogleCredential:

var credential = GoogleCredential.FromStream(new FileStream("privatekey.json", FileMode.Open, FileAccess.Read)) .CreateScoped(Scopes);

How can I customize the user I want to impersonate? When using the private key p12, I could do the following:

 var credential = new ServiceAccountCredential( new ServiceAccountCredential.Initializer(" xxx@developer.gserviceaccount.com ") //service Account id { Scopes = Scopes, User = " admin@xxx.com " //the user to be impersonated }.FromCertificate(new X509Certificate2(@"xxx.p12", "notasecret", X509KeyStorageFlags.Exportable)));

But how can I do this in a “simple way” using GoogleCredential and the json privatkey file?

Yours faithfully

+6

c # .net google-api google-api-dotnet-client

Reenedev Jul 21 '16 at 6:49

source share

2 answers

Reenedev · Answer 1 · 2016-08-03T06:12:28+0000

Ok, I solved it now by copying the code from inside GoogleCredential and the inner class DefaultCredentialProvider

 using (var fs = new FileStream("key.json", FileMode.Open, FileAccess.Read)) { var credentialParameters = NewtonsoftJsonSerializer.Instance.Deserialize<JsonCredentialParameters>(fs); if (credentialParameters.Type != "service_account" || string.IsNullOrEmpty(credentialParameters.ClientEmail) || string.IsNullOrEmpty(credentialParameters.PrivateKey)) throw new InvalidOperationException("JSON data does not represent a valid service account credential."); return new ServiceAccountCredential( new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail) { Scopes = Scopes, User = _adminUser //the user to be impersonated }.FromPrivateKey(credentialParameters.PrivateKey)); }

If someone (possibly peleyal ) has an idea to do this directly through GoogleCredential, feel free to give me a hint;)

turtlepower · Answer 2 · 2016-07-22T14:33:23+0000

Javascript is below, but you can do similar in #C. I'm sure.

I use client_id and client_secret method

 function tokenRefresh(){ var uri = "https://accounts.google.com/o/oauth2/token"; var payload = { 'client_id' : 'XXXXXXXX.apps.googleusercontent.com', 'client_secret' : 'XXXXXXXX', 'grant_type' : 'refresh_token', 'content_type' : 'application/x-www-form-urlencoded', 'refresh_token' : 'XXXXXXXX' }; var options = { "method" : "POST", "muteHttpExceptions" : false, "payload" : payload }; var response = UrlFetchApp.fetch(uri, options), response_json = JSON.parse(response.getContentText()), token = response_json.access_token; return(token); }

This will give you a new token every time if you have the correct permissions for the area.

You will need to add access_key every time you want to access the API (and not the key = specified in some Google docs)

For more information on how to get the area, feel free to check what I wrote: http://thisistony.com/blog/googleanalytics/google-analytics-api-oauth-ever-wondered-how-to-get-the -access_token /

GoogleCredential created by json private key file (ServiceAccount) - how to configure a user to issue itself?

More articles: