4

I can access the list of websites with the google API for webmasters using an access token granted via web service request and now I'd like to do it via a server to server request.

After giving the permission to a server account to access the list I cannot use setAssertionCredentials properly using the following scope:

'https://www.googleapis.com/auth/webmasters'

Case 1

when impersonating the user account:

$cred->sub = 'user.account@gmail.com';

the PHP client returns

'Error refreshing the OAuth2 token, message: '{ "error" : "unauthorized_client", "error_description" : "Unauthorized client or scope in request." }

Case 2

Without impersonating the user account the PHP client get an empty array

Question

How to impersonate a user using a server to server Google for webmasters API request?

Related contents without answer

Nmk
  • 1,169
  • 2
  • 10
  • 23
RafaSashi
  • 14,170
  • 8
  • 71
  • 85
  • 1
    I've been having trouble with this too. I can only get the `https://www.googleapis.com/auth/webmasters.readonly` scope to work. I assume you've set up impersonation for domain-wide authority for the account: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority – jwadsack May 26 '15 at 22:44
  • I am having trouble with `https://www.googleapis.com/auth/webmasters.readonly`. The service account email works fine without impersonation if you manually grant it access to your WMT sites one by one. I work at an agency however, and we don't have admin access for all the sites we manage, and so need the impersonation to work. – Jake Whiteley Jun 01 '15 at 11:44
  • Thanks Jake! How can I manually grant access in a server to server request? Do you mean giving ownership to the developer id/email ? – RafaSashi Jun 01 '15 at 11:55
  • @RafaSashi If you have gone down the service account method of authentication, then you can go to your WMT dashboard, and click the manage property dropdown to add your service account email to that WMT property (it only needs restricted access). – Jake Whiteley Jun 02 '15 at 11:36

1 Answers1

0

I would say that to do it via a server to server request would make some troubles.

As you can get it via web service request, you can initiate an external trigger to your php function and put the data in json on Google Cloud Storage (GCS) as public, so you can access the data you need via a server to server request and delete it immediately when it is done.

Community
  • 1
  • 1
Chetabahana
  • 7,806
  • 2
  • 50
  • 70