Client Is Unauthorized to Retrieve Access Tokens Using This Method Gmail API C#

Client is unauthorized to retrieve access tokens using this method Gmail API C#

The service account needs to be authorized or it cant access the emails for the domain.

"Client is unauthorized to retrieve access tokens using this method"

Means that you have not authorized it properly check Delegating domain-wide authority to the service account

Using New Google API Console project getting unauthorized_client ,Client is unauthorized to retrieve access tokens using this method

This is a common error when running an API call with a service account but not properly completing the domain-wide delegation (DWD) or because the authorization in the admin console has not propagated yet.

This article explains in details the process of DWD. If you have done that, wait 24 hours and it should work. If it doesn't work after that, then it must be something else but as far as I can say right now, the DWD process is the issue.

PLEASE NOTE: DWD is available only to G Suite customers. If you are using a consumer gmail.com account, you won't be able to do this. Instead, you'll have to go through the user consent OAuth flow.

client is unauthorized to retrieve access tokens using this method service account error

In google developer console when you create your project and the credentials you must choose which type of client you are going to create for which type of application.

There are several different ways to authenticate to google.

• OAuth2 native
• OAuth2 web
• Mobile
• Service account

The code to use these clients is also different. You cant create a web OAuth2 client and use it for the code meant to be calling a service account.

"client is unauthorized to retrieve access tokens using this method".

Means exactly that. The client you have set up on Google developer console is either not a service account client or the code you are using is not meant for a service account client.

This is my serviceaccount.php sample. If your code needs to look something like this and you need to make sure that the client you created on the google developer console is a service account client.

require_once __DIR__ . '/vendor/autoload.php';
// Use the developers console and download your service account
// credentials in JSON format. Place the file in this directory or
// change the key file location if necessary.
putenv('GOOGLE_APPLICATION_CREDENTIALS='.__DIR__.'/service-account.json');
/**
 * Gets the Google client refreshing auth if needed.
 * Documentation: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
 * Initializes a client object.
 * @return A google client object.
 */
function getGoogleClient() {
    return getServiceAccountClient();
}
/**
 * Builds the Google client object.
 * Documentation: https://developers.google.com/api-client-library/php/auth/service-accounts
 * Scopes will need to be changed depending upon the API's being accessed. 
 * array(Google_Service_Analytics::ANALYTICS_READONLY, Google_Service_Analytics::ANALYTICS)
 * List of Google Scopes: https://developers.google.com/identity/protocols/googlescopes
 * @return A google client object.
 */
function getServiceAccountClient() {
    try {   
        // Create and configure a new client object.        
        $client = new Google_Client();
        $client->useApplicationDefaultCredentials();
        $client->addScope([YOUR SCOPES HERE]);
        return $client;
    } catch (Exception $e) {
        print "An error occurred: " . $e->getMessage();
    }
}

Developer console

Under clients check that the client you are using is one that can be found under service account keys. If not then it is the wrong client type and will not work with your code. Create a new service account client and set up domain wide delegation with that client id.

---

Related Topics