4

We are trying to build a service to export google drive files for in our gsuite domain.

We're working with the https://github.com/google/google-api-php-client

We made a service user, downloaded and saved the user credentials and granted domain-wide-access to the service user.

With the simplest example like below (like in every doc, i found):

putenv('GOOGLE_APPLICATION_CREDENTIALS='/service-account-credentials.json');

$client = new \Google_Client();
$client->setAuthConfig('service-account-credentials.json');

$client->setScopes('https://www.googleapis.com/auth/drive.file');

$client->useApplicationDefaultCredentials();
$client->setSubject('[email protected]');

$service = new \Google_Service_Drive($client);

$service->files->listFiles();

as soon as we include the line $client->setSubject('[email protected]'); it's dropping the following error:

{
    "error": "unauthorized_client",
    "error_description": "Client is unauthorized to retrieve access tokens using this method."
}

has anyone an idea, or can share a code sample for this problem. It's a real blocker for us and for now I don't have any idea why this error appears

Improve this question
4
  • Could be just a typo copying here perhaps, but your first and third lines are each missing a quote mark so your strings are all messed up. Commented Mar 10, 2017 at 8:10
  • thx, but this were just typos here on stackoverflow Commented Mar 10, 2017 at 8:38
  • You may refer with this thread. You error means that there is something wrong with your authentication. Double check if you grant the service account access properly. The service account that you created needs to be granted access to the user data that you want to access. Commented Mar 10, 2017 at 9:06
  • I tried granting access, creating service accounts, creating oAuthClients etc. I checked the documentation several times but nothing seems to work Commented Mar 10, 2017 at 10:02

1 Answer 1

Reset to default
4

I finally made it

After a couple of trys I realized I was delegating domain-wide-access to the wrong Client-ID. I always thought this should be the same as the "client_email" I'm using in the script. But it is really (really, really, really) important, that this is the "client_id" (as mentioned in the documentation by the way). This is not an email or a string it's just a simple number you get when you create a key for the Service Account.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Not sure I'm following. You assign the Domain-wide-access to the service account, not a specific Client-ID (although the service account has a Client-ID). Did you create multiple service accounts and assign DwD to the wrong account? Include code if possible!
but if you put in the client_email into that once you click "authorize" it'll replace that email looking thingy with the client id. I'm very jealous that you got this to work though because I'm still struggling with it.
I'm also not getting it. It makes no difference whether you use the ID or the email, it resolves to the same thing.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.