I have something similar I use for user admin on GA, the get_credentials() function is identical (save that I use an admin_directory.json instead of gmail), the userid/access tokens will get stored in ~/.credentials/gmail-api.json for you, what happens if you delete that file and re-run?
I've had good luck walking through this https://developers.google.com/admin-sdk/directory/v1/guides/delegation#create_the_service_account_and_its_credentials but it sounds like you may already be there. > On May 29, 2016, at 8:59 AM, Ski Kacoroski <[email protected]> wrote: > > Hi, > > One of the apps my teachers use to manage google, created groups for all > classes and schools that were open to public postings. Well a few kids found > this out and now I have really nasty stuff in almost every kids email box > which I really need to remove. I was able to get a python script cribbed > together that worked on one account to remove the emails, but now I get > > <HttpError 403 when requesting > https://www.googleapis.com/gmail/v1/users/711201%40apps.nsd.org/messages?q=in%3AINBOX+after%3A2016%2F05%2F28&alt=json > returned "Delegation denied for [email protected]"> > > on any other account. I have tried redoing my oauth account several times > and even created a new project - no luck. I am logged into the > console.developers.google.com and can see the account. I created the account > with delegation enabled and set the scope to https://mail.google.com. > Problems are how to debug: > > * I can find no way to verify that delegation is on or off > > * I can verify that gmail and google+ domains apis are enabled. > > I think I need to modify the following to include the userid somehow, but am > not sure: > > def get_credentials(): > """Gets valid user credentials from storage. > > If nothing has been stored, or if the stored credentials are invalid, > the OAuth2 flow is completed to obtain the new credentials. > > Returns: > Credentials, the obtained credential. > """ > home_dir = os.path.expanduser('~') > credential_dir = os.path.join(home_dir, '.credentials') > if not os.path.exists(credential_dir): > os.makedirs(credential_dir) > credential_path = os.path.join(credential_dir, 'gmail-api.json') > > store = oauth2client.file.Storage(credential_path) > credentials = store.get() > if not credentials or credentials.invalid: > flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES) > flow.user_agent = APPLICATION_NAME > if flags: > credentials = tools.run_flow(flow, store, flags) > else: # Needed only for compatibility with Python 2.6 > credentials = tools.run(flow, store) > print('Storing credentials to ' + credential_path) > return credentials > > cheers, > > ski > > -- > "When we try to pick out anything by itself, we find it > connected to the entire universe" John Muir > > Chris "Ski" Kacoroski, [email protected], 206-501-9803 > or ski98033 on most IM services > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
