I'm struggling to find the problem since two days without any idea why I get this error now even though the app was fully functional one month before.
Among the tasks done by the web app, it makes an Admin SDK API call to get the list of members of a group. The app has the scope https://www.googleapis.com/auth/admin.directory.group.readonly
, but I get the 403 error "Not Authorized to access this resource/api" (I verified that the Admin SDK API was enabled in Google's Console).
By the way, the app had no problem to make a request to Google Classroom API before.
The most incredible thing here is that the app secrets have been generated by an admin account. And that I get this error when I log into the app with this same admin account. However, when I do tests with the documentation's (https://developers.google.com/admin-sdk/directory/v1/reference/members/list#response) I get a 200 response without a problem with exactly the same authorized scope.
Getting the list of members worked without a problem before with this admin account. Since then, nothing has changed in source code or in configuration so far as I know. So I think the problem may be related to the client secrets in some way, but I have no idea how.
This web app will only be used by this admin account
In my research on StackOverflow, I found most things talking about "Google Apps Domain-Wide Delegation of Authority" (https://developers.google.com/admin-sdk/directory/v1/guides/delegation), but I never used this when it worked before. And I would like to avoid this.
Do you have an idea why I get this 403 error with the web app even though it works when just testing the request in the documentation and I'm using a Super-Admin account ?
Edit: I've now tested a simple snippet with "Google Apps Domain-Wide Delegation of Authority" based on this gist https://gist.github.com/MeLight/1f4517560a9761317d13ebb2cdc670d3 and the snippet alone works. However, when using it inside my app, I still get the 403 error. I'm getting insane, what could be the permission issue?