My team is currently developing an application to list my company's domain users in GCP, using the Admin SDK, for onboarding and offboarding purposes.
We're using a service account to do this and we've have added the admin.directory.user.readonly scope, in the Google Admin's advanced settings, to it. The Admin SDK API is activated and we can see the service account in the Credentials area.
When we invoke the https://www.googleapis.com/admin/directory/v1/users endpoint with the parameters viewType=domain_public and domain=[our domain], while using an access token generated with oauth2l, we receive the following message:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
Could there be any domain restriction being applied that we don't have vision of?