Is it possible to have ......@developer.gserviceaccount.com added to my rise account?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
When using the google client "services" (application-to-application) api, it sets up an issuer unique id "email address" XXXX@developer.gserviceaccount.com.  This email is assigned the application; with no real email domain.  For the rise vision api to succeed, I need to have this account registered in my account. I have registered the account but don't have ability to accept terms of service.  I get the following errors:
 {  "domain": "global", "reason": "forbidden", "message": "User has not yet accepted the Terms of Service" }
I can email the actual developer.gserviceaccount.com address? 

Thanks,
    Glenn
Photo of Glenn Reese

Glenn Reese

  • 838 Points 500 badge 2x thumb

Posted 4 years ago

  • 1
Photo of Alexey

Alexey, Employee

  • 550 Points 500 badge 2x thumb
Glenn,


XXXX@developer.gserviceaccount.com is a service account, it identifies your project with Google same way clientId does.


User account (the kind that needs to accept the terms of service) identifies a user (a human) with our system.


An application identified by a service account can have many human users and while each of those users needs to accept the terms of service, the application itself does not, you just need to register its client ID with us.


Perhaps I am misunderstanding your question, so could you please clarify what it is you are trying to accomplish?


Thanks,

Alexey
(Edited)
Photo of Glenn Reese

Glenn Reese

  • 838 Points 500 badge 2x thumb
Hi Alexey,
    I do have the client_id registered with rise vision. I can provide. When I make the following calls to the api; I get user not found. My understanding of this method is "issuer" is being sent to the core api and core api does not find the user. I can't replace that with my email address because it is linked to my client_id. Maybe I am missing something... this all works with the InstalledAppFlow; but would prefer the services.  By adding the issuer email to rise vision, it provided the terms of use error response. Thanks, 

  @client.authorization = Signet::OAuth2::Client.new(  :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
 :audience => 'https://accounts.google.com/o/oauth2/token',
 :scope => 'https://www.googleapis.com/auth/userinfo.email',
 :issuer => 'XXXXXX@developer.gserviceaccount.com',
 :signing_key => @key)
@client.authorization.fetch_access_token!

ERROR:
"domain": "global",
"reason": "forbidden",
"message": "User is not found"

Photo of Glenn Reese

Glenn Reese

  • 838 Points 500 badge 2x thumb
Hello.  I figured it out.  Surprised by the lack of clarity on some of the options within some of the gapi's methods.  You can pass a redirect based on "person" and explicitly set "email". This overrides the default but required issuer which must map to the services email.  All works and much cleaner ;-) Thanks again for your responses.