I am trying to call watch() on a mailbox. I set up a service IAM account, and created a topic and subscription. I gave my service account full (owner) rights to my topic and subscription. But when calling execute on watch(), I get the error:
Google.Apis.Requests.RequestError Error sending test message to Cloud PubSub projects/projectid/topics/topicname : User not authorized to perform this action. [403] Errors [ Message[Error sending test message to Cloud PubSub projects/projectid/topics/topicname : User not authorized to perform this action.] Location[ - ] Reason[forbidden] Domain[global] ]
Here is the code I use to set up my service:
    // Load the service account key from the .p12 file
    credential = new X509Certificate2("file.p12", "password", X509KeyStorageFlags.Exportable);
    var service = new GmailService(new BaseClientService.Initializer()
    {
        HttpClientInitializer = credential,
        ApplicationName = applicationame,
    });
    // Ask Gmail to publish INBOX changes to the Pub/Sub topic
    WatchRequest body = new WatchRequest()
    {
        TopicName = "projects/projectid/topics/topicname",
        LabelIds = new[] {"INBOX"}
    };
    string userId = "me";
    UsersResource.WatchRequest watchRequest = service.Users.Watch(body, userId);
    WatchResponse test = watchRequest.Execute();
My service account has access to all the following scopes:
https://mail.google.com/
https://www.googleapis.com/auth/gmail.modify
https://www.googleapis.com/auth/gmail.readonly
https://www.googleapis.com/auth/gmail.metadata
Am I missing something here?
EDIT
Added the following scope, but still no success: https://www.googleapis.com/auth/pubsub
EDIT
Also added the following with no success: https://www.googleapis.com/auth/cloud-platform
You need to remember that a service account is not you. A service account is a dummy user which has a Google Drive account, a Google Calendar account and probably a bunch more. However, it does not have a Gmail account.
Service accounts are preauthorized. You need to grant the service account access to read the users email.
userId needs to be the ID of the user whose emails you wish to access. 'Me' won't work because a service account doesn't have a Gmail account; it has no emails to read.
Just need the scopes:
https://www.googleapis.com/auth/gmail.modify
https://www.googleapis.com/auth/pubsub
In the Cloud Pub/Sub Developer Console you need to grant publish privileges to serviceAccount:gmail-api-push@system.gserviceaccount.com
I did not give the service account that gmail uses to publish updates to Pub/Sub permission to publish to the topic (TopicName):
serviceAccount:gmail-api-push@system.gserviceaccount.com
I gave this account permission in the console.
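To confirm the grant described in the answers above, the topic's IAM policy can be checked for it. This is an added example, not code from the original posts: it audits policy JSON in the shape exported by `gcloud pubsub topics get-iam-policy TOPIC --format=json`. The sample policies, the `my-app` service account name and the set of roles treated as publish-capable are assumptions.

```python
import json

# Principal named in the answers: Gmail publishes watch() notifications as this account.
GMAIL_PUSH = "serviceAccount:gmail-api-push@system.gserviceaccount.com"
# Assumption: roles treated here as carrying the topic publish permission.
PUBLISH_ROLES = {"roles/pubsub.publisher", "roles/pubsub.editor",
                 "roles/pubsub.admin", "roles/editor", "roles/owner"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_topic_policy(policy_json: str) -> dict:
    """Report who can publish to a topic, given its IAM policy as JSON."""
    policy = json.loads(policy_json)
    gmail_roles, public, others = set(), set(), set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in PUBLISH_ROLES:
            continue  # roles that cannot publish do not affect watch()
        for member in binding.get("members", []):
            if member == GMAIL_PUSH:
                gmail_roles.add(role)
            elif member in PUBLIC_MEMBERS:
                public.add(member)
            else:
                others.add(member)
    return {
        # False here matches the 403 "Error sending test message" case.
        "gmail_can_publish": bool(gmail_roles),
        # Gmail only needs to publish; anything broader is excess privilege.
        "gmail_over_privileged": bool(gmail_roles - {"roles/pubsub.publisher"}),
        # Public publishers could inject forged notifications into the topic.
        "public_publishers": sorted(public),
        "other_publishers": sorted(others),
    }


# Constructed samples: only the caller's own service account has rights (before),
# then the same policy with the Gmail push account granted publisher (after).
APP_SA = "serviceAccount:my-app@projectid.iam.gserviceaccount.com"  # hypothetical
BEFORE = json.dumps({"bindings": [{"role": "roles/pubsub.admin", "members": [APP_SA]}]})
AFTER = json.dumps({"bindings": [
    {"role": "roles/pubsub.admin", "members": [APP_SA]},
    {"role": "roles/pubsub.publisher", "members": [GMAIL_PUSH]}]})

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_topic_policy(doc))
```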