'Request failed for https://cloudidentity.googleapis.com returned code 403

I'm trying to use this API manage company devices in my workspace. 1st step is pulling a list of current devices. Code is in apps script.

I'm getting:

Exception: Request failed for https://cloudidentity.googleapis.com returned code 403. Truncated server response: {
  "error": {
    "code": 403,
    "message": "The caller does not have permission",
    "status": "PERMISSION_DENIED"
  }
}

Things I've done

  1. Service account has domain wide delegation for cloud-platform, cloud-identity and cloud-identity.devices
  2. Auth is done via Google's OAuth library, seems to work fine.
  3. OAuth also has space for scopes, same one's are requested.

Code bits:

    var scriptProperties = PropertiesService.getScriptProperties()
    private_key= scriptProperties.getProperty('private_key').replace(/\\n/g, '\n')
    client_email = scriptProperties.getProperty("client_email")
    ;

    function getOAuthService() {
      return OAuth2.createService('Service Account')
        // Set the endpoint URLs
        .setTokenUrl('https://accounts.google.com/o/oauth2/token')

        // Set the client ID and secret
        .setPrivateKey(private_key)
        .setIssuer(client_email)

        // Set the property store where authorized tokens should be persisted
        .setPropertyStore(PropertiesService.getScriptProperties())
        // .setCache(CacheService.getUserCache())

        .setParam('access_type', 'offline')
        .setScope('https://www.googleapis.com/auth/cloud-identity');
    }

    function reset() {
      var service = getOAuthService();
      service.reset();
    }


    function downloadDevices() {
    var service = getOAuthService();
    service.reset();
      if (service.hasAccess()) {
        var pageToken;
        var URL = "https://cloudidentity.googleapis.com/v1/devices";
        var headers = {
            Authorization: 'Bearer ' + service.getAccessToken()
          };
        var options = {
                method : "GET",
                headers: headers
              };
          var response = UrlFetchApp.fetch(URL, options);
        } else {
        Logger.log('service Error');
        Logger.log(service.getLastError());
      }
    }

By the looks of it everything is fine, it just that I don't have permissions. But as far as I can see there is no more relevant permissions to give.

google-apps-scripthttp-status-code-403service-accountsgoogle-cloud-identity


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to do I locate a Google SpreadSheet ID?

How to automatically add data to another sheet when a specific cell's values changes?

How to navigate html pages with standalone Google Apps Script?

Google Classroom API Create Material

Error when connecting to MSSQL Server with Google Apps Script via JDBC

Is there a way to tie code to multiple GAS using clasp for testing?

Updating multiple appscript projects from one appscript

How to sort sheets within a spreadsheet in chronological order by date in google apps script

Add an open url handler to a button

How to trigger a script via clicking a cell

Google Spreadsheet with data from WebSocket

Call a Google Sheets add-on within a Google Apps Script?

How to declare Class fields in Google App Script using javascript

Running WebAssembly on Google Apps Script

Google apps script: how to refresh data connector from Salesforce with a script?