Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SA not working #76

Open
hyperknot opened this issue Aug 8, 2023 · 6 comments
Open

SA not working #76

hyperknot opened this issue Aug 8, 2023 · 6 comments
Assignees
@kamarton
Labels
status:todo type:bug Something isn't working type:documentation Improvements or additions to documentation

Comments

@hyperknot
Copy link

Describe the bug
I did the SA account JSON key on a paid account as written. It doesn't work.

To Reproduce
Steps to reproduce the behavior:

Run

gwbackupy --service-account-key-filepath sa.json gmail backup --email [email protected]

INFO 2023-08-08 13:33:10,814 - Starting backup for [email protected]
INFO 2023-08-08 13:33:10,814 - Scanning backup storage...
INFO 2023-08-08 13:33:10,814 - Stored items: 0
INFO 2023-08-08 13:33:10,814 - Backing up labels...
INFO 2023-08-08 13:33:10,814 - Getting labels from server ([email protected])
INFO 2023-08-08 13:33:10,816 - file_cache is only supported with oauth2client<4.0.0
INFO 2023-08-08 13:33:10,818 - Attempting refresh to obtain initial access_token
INFO 2023-08-08 13:33:10,820 - Refreshing access_token
INFO 2023-08-08 13:33:10,981 - Failed to retrieve access token: {
  "error": "unauthorized_client",
  "error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}

Desktop (please complete the following information):
Ubuntu Linux CLI
@hyperknot
Copy link
Author

I've found the following writeup about delegating domain-wide authority, but it still doesn't work.
https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority

What is the scope I might need to add there?

@hyperknot
Copy link
Author

Found the correct scope on the GAM wiki
https://github.com/GAM-team/got-your-back/wiki#google-workspace-admins

@kamarton kamarton self-assigned this Aug 9, 2023
@kamarton kamarton added type:bug Something isn't working status:todo labels Aug 9, 2023
@kamarton
Copy link
Contributor

kamarton commented Aug 9, 2023

@hyperknot Did you generate SA access based on this guide? Service Account Setup

@hyperknot
Copy link
Author

Yes, but the last part is missing. Steps 12-16 in the linked GYT wiki.

@petrovicivan
Copy link

Scope https://mail.google.com/ in domain-wide authority is working

@kamarton
Copy link
Contributor

kamarton commented Feb 4, 2024

The documentation is incomplete and incorrect. Domain-wide authorization is required for SA operation.

In editing the SA on the cloud console. Domain-wide delegation https://mail.google.com/ scope is enough.

gwbackupy-sa-–-IAM-Admin-–-testing-–-Google-Cloud-console

@kamarton kamarton added the type:documentation Improvements or additions to documentation label Feb 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kamarton kamarton

Labels
status:todo type:bug Something isn't working type:documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hyperknot @petrovicivan @kamarton