Trying to create an application that updates links in my domains emails. I have got the service account element working, and can retrieve all the email accounts in my domain on Google Apps.
So with
config, err := google.JWTConfigFromJSON(data,
"https://www.googleapis.com/auth/admin.directory.user",
"https://www.googleapis.com/auth/gmail.readonly")
I create a new admin object, and srv.Users.List() giving me the users.
I now want to start a watch on each account so that Gmail can push emails to my app.
To do this, I need an access token and the impersonate the email address of the account I want to start the watch on.
ctx := context.Background()
tokenSource := config.TokenSource(ctx)
token, err := tokenSource.Token()
where config comes from JWTConfigFromJSON earlier.
It attemps to make the watch request, but I get the error googleapi: Error 403: Insufficient Permission, insufficientPermissions
First issue: I'm not sure I can get the token like this, do I have to have a seperate oAuth config and then use that to get the token? (That would surely require user interaction).
Second issue: I suspect I have not set the correct permissions, in either the code, or in the Service Account, but I'm not sure what they should be
Last issue: in the JWTConfigFromJSON call, When I remove the gmail scope, it it successfully gets a token. When I put it back I get "Unauthorized client or scope in request."
Any help greatly appreciated! Thanks