无法使用服务帐户在 google 日历中创建活动
Cannot create events in google calendar with service account
我有两个 google 工作区帐户用于测试。帐户 A 有一个服务帐户,在帐户 B 中,我已将具有 reading/writing 所需权限的全域委派服务帐户添加到帐户 B 中的日历。
阅读活动和日历有效。但是,当尝试使用帐户 B 的资源日历中的服务帐户创建事件时,出现以下错误:
{"error":{"errors":[{"domain":"calendar","reason":"requiredAccessLevel","message":"You need to have writer access to this calendar."}],"code":403,"message":"You need to have writer access to this calendar."}}
添加的权限:
如果我们在一个 Google Workspace 帐户中进行测试,它会起作用。
这是代码
// clientMail is the service account id
// privateKey is the service account key
// subject is also the service account id
const jwtClient = new google.auth.JWT(
clientMail,
undefined,
privateKey,
[
'https://www.googleapis.com/auth/calendar',
],
subject,
);
let calendar = google.calendar({
version: 'v3',
auth: jwtClient,
});
...
savedEvent = (await calendar.events.insert({ calendarId, requestBody: event })).data;
...
您似乎忘记指定要将服务帐户委托给哪个用户。
from google.oauth2 import service_account
SCOPES = ['https://www.googleapis.com/auth/calendar']
SERVICE_ACCOUNT_FILE = '/path/to/service.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES)
delegated_credentials = credentials.with_subject('user@example.org')
我有两个 google 工作区帐户用于测试。帐户 A 有一个服务帐户,在帐户 B 中,我已将具有 reading/writing 所需权限的全域委派服务帐户添加到帐户 B 中的日历。
阅读活动和日历有效。但是,当尝试使用帐户 B 的资源日历中的服务帐户创建事件时,出现以下错误:
{"error":{"errors":[{"domain":"calendar","reason":"requiredAccessLevel","message":"You need to have writer access to this calendar."}],"code":403,"message":"You need to have writer access to this calendar."}}
添加的权限:
如果我们在一个 Google Workspace 帐户中进行测试,它会起作用。
这是代码
// clientMail is the service account id
// privateKey is the service account key
// subject is also the service account id
const jwtClient = new google.auth.JWT(
clientMail,
undefined,
privateKey,
[
'https://www.googleapis.com/auth/calendar',
],
subject,
);
let calendar = google.calendar({
version: 'v3',
auth: jwtClient,
});
...
savedEvent = (await calendar.events.insert({ calendarId, requestBody: event })).data;
...
您似乎忘记指定要将服务帐户委托给哪个用户。
from google.oauth2 import service_account
SCOPES = ['https://www.googleapis.com/auth/calendar']
SERVICE_ACCOUNT_FILE = '/path/to/service.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES)
delegated_credentials = credentials.with_subject('user@example.org')