googleapis
Example request: domain-wide delegation case for the service account
I've had a problem that the API client gave me HTTP 404 Error with the domain-wide delegated service account while all the configuration in both Google Cloud Platform and the Google Admin for G Suite. I've contacted the Google team, and I got the answer: I had to impersonate a user account! (https://developers.google.com/identity/protocols/oauth2/service-account#authorizingrequests)
I've read the source code here and I found that in this PHP client I should call Google_Client::setSubject(). Although the doc here explains that, but it'd be much intuitive if there are some additional lines of code in the example, like the following:
if ($credentials_file = checkServiceAccountCredentialsFile()) {
// set the location manually
$client->setAuthConfig($credentials_file);
+ // impersonate if the domain-wide delegation is used
+ $client->setSubject('[email protected]');
Since that example is only for a service account, and not for domain-wide delegation, I'd prefer to leave it as-is. however, we could add a commented-out line like so:
if ($credentials_file = checkServiceAccountCredentialsFile()) {
// set the location manually
$client->setAuthConfig($credentials_file);
// if the domain-wide delegation is used:
// $client->setSubject('[email protected]');
