I am trying to see how I can get all the files and folders shared with a group. I have a service account that I am able to impersonate a user and get all files shared with a user. However when I try to impersonate a group, I get an error that I don't have the right scope or permissions. Here is my code
from googleapiclient.discovery import build
from google.oauth2 import service_account
SCOPES = ['https://www.googleapis.com/auth/admin.directory.group.member.readonly',
'https://www.googleapis.com/auth/admin.directory.group.readonly',
'https://www.googleapis.com/auth/drive.readonly']
SERVICE_ACCOUNT_FILE = 'some/path/creds.json'
creds = service_account.Credentials.from_service_account_file(SERVICE_ACCOUNT_FILE, scopes=SCOPES, subject='[email protected]')
service = build('drive', 'v3', credentials=creds)
query = 'sharedWithMe = true'
files = service.files().list(q=query).execute().get('files')
print(files)
this is the error I get:
google.auth.exceptions.RefreshError: ('unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.', {'error': 'unauthorized_client', 'error_description': 'Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.'})
these are scopes that I have been authorized for my service account by my admin
- 'https://www.googleapis.com/auth/admin.directory.group.member.readonly'
- 'https://www.googleapis.com/auth/admin.directory.group.readonly'
- 'https://www.googleapis.com/auth/drive.readonly'
Again this code works for any users using our domain. Am I missing a scope or permissions? Are we not able to look up a file for a group since it is not a user account?
Thanks for your help in advance