I want to access the entire events existing in a calendar of a gsuite domain. I tried using domain deligation with service account and it allows me to assume a user and get all of its events but i want to fetch the entire events in a gsuite account.
In order to achieve your task, you should create a service account which impersonates the admin of the domain.
Afterwards, you can retrieve the users of the domain by making use of the Admin SDK.
GET https://admin.googleapis.com/admin/directory/v1/users
Based on the list you get, you can get the events from the calendar of each user.
GET https://www.googleapis.com/calendar/v3/calendars/calendarId/events
Where, calendarId is the email of one of the users from the domain.
Reference
Admin SDK users.list;
Calendar API events.list.
Related
Is it possible using a service account to add events in the user's calendar ?
For example given a internal email (in our workspace), could we add an event for this user ?
We have a configured service account with Domain-wide Delegation, we are able to list users, create new one etc. But we would like to access their calendar to add new events.
Is it possible to achieve ?
Edit
We do not want our user to use a OAuth2 consent screen, we want to do it smoothly without them to need to interact.
If you set up domain wide deligation for the service account to a user on your domain.
Then yes the service account will be able to act on behalf of that user and add an event in their calendar.
Service accounts have their consent preconfigured so no consent screen will be shown.
I am able to create an event in Google Calendar using Service account and Google Calendar API, where Project and Service Account is created in Google Workspace admin account and in the same account, I have enabled domain-wide delegation property. I haven't created separate calendar and haven't given access to Service account. If I use my workspace-google account in createDelegated(), with this event is getting created in 'abc#myworkspace.com' calendar and 'created by' property is also the same for every attendee I have added.
GoogleCredentials googleCredentials = GoogleCredentials
.fromStream(new FileInputStream(CREDENTIALS_FILE_PATH)).createScoped(SCOPES)
.createDelegated("abc#myworkspace.com");
So my question is what if I need to create event for non-workspace google account(lets say def#gmail.com)
Can I pass 'def#gmail.com' into the createDelegated()? If I do, I am getting,
Error getting access token for service account: 400 Bad Request
So how to create event for non-workspace google account?
Note : App type is still 'Internal' in OAuth consent screen.
Could someone explain what am I missing here?
A service account with domain-wide delegation can only be used for domains
A Google Workspace account is a domain, a personal consumer account is not a domain.
Consequently, you can not perform a request on behalf of a consumer account user via a service account.
Instead, you would need to create the event directly as def#gmail.com similar to the documentation sample.
No you can only delgate to an account on your domain
createDelegated("abc#myworkspace.com");
You can not delgate to a standard google account as there would be no way for you to configure the permissions
perform-google-workspace-domain-wide-delegation-of-authority
Perform Google Workspace Domain-Wide Delegation of Authority
Note: Only users with access to the Admin APIs can access the Admin SDK Directory API, therefore your service account needs to impersonate one of those users to access the Admin SDK Directory API. Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.
Owner vs attendee.
A service account properly delegated. Will have permission to create an event on behalf of a user in the domain that they have been delegated permission.
Example: I have delegated permission to my service account to user User1#myDomain.com. For all intensive purposed the service account now has all permissions of User1. So the service account can create a new event on behalf of user1 and invite anyone to the event they choose.
As there is no way to set up deligation to user2#gmail.com there is no way for the service account to act like this user as it is a standard gmail user.
The only way for an application to create an event on behalf of user2#gmail.com would be to use Oauth2 and request consent of User2#gmail.com to access their private data. Then the application would be able to create a new event on behalf of User2#gmail.com.
Remember this is creating an event. There is nothing stopping the service account delegated as user1#mydomain.com from inviting user2#gmail.com to the event. user2#gmail.com will then be notified that they have been invited to the event they can then decide if they want to attend or not if they accept it then it will appear in their google calendar account. Notice how user2#gmail.com had to manually accept this. User1#mydomain.com did not have to manually accept that the event was created in their google calendar as the service account was acting on their behalf.
I am new to Google Calendar API, I had created the Service Account for OAuth process and then I get the access token using JWT. Then I try to fetch the calendar list but the response didn't fetch the calendar list. I am using business account with domain. I want to view my organization user calendar list.
Response:
{
"kind": "calendar#calendarList",
"etag": "\"p3208dll2qn2d60g\"",
"nextSyncToken": "CICG1qLVxNMCEjBtZWV0aW5nQHBvbGV0dXMtY2FsZW5kYXIuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20=",
"items": []
}
The Organization user having the SuperAdmin access.
And I tested with my normal gmail account using service accounts it works for all api requests.
Remember a service account is not you. A service account is a dummy user it has its own Google calendar account. Assuming that you did share the calendar in question with the Service account it may not have been added to the calendar list.
All calendar list is the list on the bottom left hand side of the GUI. Sometimes when you share a calendar with a service account it doesn't get added properly to the calendar list. You can add it yourself via the service account by running calendarlist.insert
Assuming that you have not granted the server account permissions to read the calendar you will need to do so by sharing it like you would any other user using the service account email address.
I have an app using s2s connection with google calendar api. I need to create an event in different users calendars. To make it possible the user should go to the calendar's settings and share their calendar to the service account.
But I would like to simplify this for the user - so that they don't need to go to their calendar settings. I don't have an interface for the user interaction - it's a bot.
How can I access the user's calendar in another way?
Maybe you can change the role set by the user to the calendar. According to this documentation, the owners of a calendar can share the calendar by giving access to other users. The sharing settings of a given calendar are represented by the ACL collection (access control list) of that calendar. Each resource in the ACL collection grants a specified grantee a certain access role. So the user can make you the writer or owner of their calendar, so that you can access it.
Another way is by using Delegating domain-wide authority to the service account,
If you have a Google Apps domain—if you use Google Apps for Work, for
example—an administrator of the Google Apps domain can authorize an
application to access user data on behalf of users in the Google Apps
domain. For example, an application that uses the Google Calendar API
to add events to the calendars of all users in a Google Apps domain
would use a service account to access the Google Calendar API on
behalf of users. Authorizing a service account to access data on
behalf of users in a domain is sometimes referred to as "delegating
domain-wide authority" to a service account
Not sure if this is possible or if anyone has managed to do this. I have user with super admin access, with which I can create a new user for my domain. However I also want to add a couple of calenders to the created user's calendar list. When I create a user I authenticate using my super admin, but then I can't add a calendar to the user's calendar list since I am not logged in as the user. Is it possible to do this as the super admin, or do I have to logout and authenticate as the created user in order to add calendars to their list? This is the base url to which the post request is made:
https://www.googleapis.com/calendar/v3/users/me/calendarList
in the place of me could I pass in the id of the user? I couldn't find any parameter in the documentation with which I can specify the user to whose list I want to add a calender.
Thanks
Two options:
Each user much login to google calendar and share thier calendar to a single user. You can then use this account to update their calendars. Note that google has limitations to how many calendars and request you are allowed before the account goes to read-only mode.
Buy a google apps domain (5$per user per month) and create a service account at console.developers.google.com. Create a project and give it domain wide delgation at admin.google.com. In Apps engine you should be able to give access for admin to modify all users calendars.
No matter what case you choose, you also need to enable CalendarAPI at dev console site. Now with private key created from website request OAuth2 access token, where sub field is set for the users that you want to change calendar for. With returned access token use CalendarAPI to modify calendar.
Sry for bad english and short description, i'm in a hurry. /conner ;)