Google API Service Account - Can't Access Private Data - node.js

Trying to access my personal calendar data using a service account.
I've gone through the setup for creating a service account (with owner permissions). Using NodeJS, I've successfully made requests to my public calendar, but not my private calendars. ( the same result using googleapis and google-OAuth-jwt packages)
Everything that I've searched shows that I need to give "domain-wide authority", BUT, I do not have a G Suite account, so I don't believe this applies to me.
So the question is, can one access their own personal calendar data using a service account? What might I be missing?

You may refer with this SO post. It stated that the service account has its on Google calendar account so if you are trying to read one of your personal calendars, you are going to share it with the service account. You can check the example given using the Json service account key file.

Answer in comments, thanks to abielita. Link to answer.
Remember service accounts are not you. The service account has its own Google calendar account so if you are trying to read one of your personal calendars you are going to have to share it with the service account.
Shared the calendar with my service account.

Related

How can I programmatically seamlessly share a clients google calendar with a service account as automatically as possible

I am trying to share a service account with any user's calendar and would like to know if anyone knows how to do so on the backend which is node.js or the frontend which is flutter/dart so that the user has to do as little as possible to add the service account to their calendar.
When onboarding a user on the flutter/dart front end I would like to ask a user if a service account can be added to a calendar on their account so the system can handle certain scheduling tasks for the user. I am assuming that the user is not technical. Ideally, I would like to add a new calendar to the user's account and share the service account with that.
After onboarding I would like all actions which the system does with the users calendar to take place on a node.js server using the service account.
I would like the service account to be able to read events from the user's calendar, add events, and find times during which the user is not already booked.
I have searched the internet for many hours and there is very little information about how to do this.
Also, will using a service account to view and modify and find available times on a user's calendar only work with workplace calendars and not with free calendars?
There are services/methods available using Calendar API that can achieve the functionality you want, you may look into the following:
Method: users.list - for listing the users within your organization (as reference calendarId for the other methods needed)
Calendars:insert - for creating a secondary calendar.
Acl: update - for setting Access Control List to the created secondary calendar.
Events: list & Events: get - for listing and getting the specified event needed for modification.
Now, for creating and authorizing the service account for this, you may check this reference link for Authorizing Requests to the Google Calendar API.
Bear in mind that read/write access to events/calendars requires the correct scope as define on the link above.
Here's the OAuth 2.0 scope information for the Google Calendar API:
https://www.googleapis.com/auth/calendar read/write
access to Calendars
https://www.googleapis.com/auth/calendar.readonly read-only access to
Calendars https://www.googleapis.com/auth/calendar.events read/write
access to Events
https://www.googleapis.com/auth/calendar.events.readonly read-only
access to Events
https://www.googleapis.com/auth/calendar.settings.readonly read-only
access to Settings
https://www.googleapis.com/auth/calendar.addons.execute run as a
Calendar add-on
And lastly, service accounts have no rights/authorization to access personal Gmail accounts, since the Domain-wide delegation feature only applies to user accounts within your organization.

How to create new Microsoft organization?

I'm completely new to ms world and trying to access API under my personal account
https://learn.microsoft.com/en-us/graph/api/group-list?view=graph-rest-beta&tabs=http
However this API says that it can only be accessed using Delegated (work or school account).
Can anyone explain how to setup new organization account (taking into account that we have no organization yet), which ms service to use and which plan to subscribe for, if needed. They have so many services and it looks so confusing to assemble all this together, so please help.
As I said in the comments, first you need to have a tenant. If you have not buy an Azure subscription yet, you can also use a free account.
Then you can create a new work account or invite guest users in the tenant.

Azure account email forgotten

A few months ago I created a Microsoft account for Azure services. I got an API key for an Android app, I updated the app recently and the API key is working fine. The thing is I wanted to check my account and I realized I had forgotten my MS account.
I've tried to check in my other email providers if I received some emails from that account, any password recovery or anything like that, but... nothing. The only thing I have is the API key stored in my app's server.
Is there any way I can recover my account?
Thank you.
That is insufficient to recover the account. You should contact Azure support and give your name and details (KYC) and they will be able to get you back in.

Control Access to Microsoft Azure Account

Our company has a Microsoft Azure account (Pay-As-You-Go).
We had a programmer that developed our web app. We gave him full access to our Azure account. So, he had access to everything.
We intend to hire another developer to make modifications to the web app, so he'll need access to the App Services and SQL Databases. Our intention is to just allow him access to those features.
We did our research and came across the documentation, Resources, roles, and access control in Application Insights. We followed it step by step, but there's an issue. Doc LINK
We tested the procedure by adding one of our IT staff's Microsoft account (personal Outlook.com account) and assigning him the Contributor role, and sent him an invite. He's not seeing the invite. We did the same for another staff, but it's the same problem.
Can we get some assistance please?
It was not working earlier .I tried with one gmail id. Now it is working perfectly fine and I am able to receive the invitation email.
To send invitation, you need to go to active directory. Add user's email as a guest under add user option (Add guest user).

Confusion between work account & Microsoft account

I am using my work email address to set up multiple Azure IaaS environments. When I log into Azure, I get asked if I want to use the "Work or School Account" or "Personal Account" - both referring to the same email address.
I don't recall setting up anything in terms of personal accounts, or linking my work email as a Microsoft Outlook.com/Hotmail/etc account.
Access to the subscription has been applied to my Personal account, not the work one.
When granting access, there's no way to pick which one you're giving access to.
Couple of questions
I've created some VMs but want them to be linked to my work account. Can I change this?
How do I unlink my work email from Personal. I want to use work just for work, and not have any confusion between the two.
See this screengrab for more information:
There are few problem with your account so lets go over them one by one.
First means that now you have 2 different accounts one it is your work account another one it is your microsoft account. You can create both of them with the same email since they are from 2 different tenants.
This is a concept important or you to understand there is something on Azure that it is over the subscription that is the tenant
Tenant
|- Subscription
|- Resource Group
|- Resource
All subscription under the same tenant have the same Authentication method, this Authentication method can be linked to an Azure Active Directory ( Office 365 subscriptions are Azure Active Directory ) So you can open a request to microsoft to transfer your subscription to your company tenant. if you do this all the resources under it will be transferred to your other authentication. You can open this ticket on the portal.
If you don't want your personal account anymore you can close it on https://account.live.com/closeaccount.aspx
Thanks to those who edited the question for me, my line-breaks didn't work by default, I'll ensure that I get it write next time. I was only allowed to post the image as an attachment being first-time poster, someone fixed that for me.
The answer from Gabriel Monteiro Nepomuceno was correct and touched on the root cause, but there's one element I didn't include in my question.
Regarding the tenant: the tenant is created under the company account of "company.com". I am a sub-contractor and was granted access to my own account at "benscompany.com". Azure support have advised that its only possible to grant access to different account via the personal account.

Resources