I'm making an application that should set the signature for every user in the domain. When I try to set the signature on primary aliases this work fine, but this solution is not working for other aliases (non-primary aliases).
I use a domain wide delegation that is working fine since I can set the signature for all primary send as aliases in the domain. To do so I use the request : 'www.googleapis.com/gmail/v1/users/<email_address>/settings/sendAs/<alias_address>'. When I do the exact same thing for non-primary aliases I receive an error 403 with a message telling i'm missing the scope 'www.googleapis.com/auth/gmail.settings.sharing'.
Missing required scope "https://www.googleapis.com/auth/gmail.settings.sharing" for modifying non-primary SendAs
These are the scopes I use in my code :
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.settings.basic",
"https://www.googleapis.com/auth/gmail.settings.sharing",
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/documents",
"https://www.googleapis.com/auth/admin.directory.user.readonly",
"https://www.googleapis.com/auth/drive.readonly"
]
As you can see the scope 'sharing' is present.
// The service that allow me to list send as alias
var serviceListe = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.basic', user.primaryEmail)
// THe service that allow me to edit send as signature
var serviceModif = getDomainWideDelegationService('Gmail: ', 'https://www.googleapis.com/auth/gmail.settings.sharing', user.primaryEmail)
The code that returns the domain-wide delegation :
function getDomainWideDelegationService(serviceName, scope, email) {
return OAuth2.createService(serviceName + email)
// Set the endpoint URL.
.setTokenUrl('https://oauth2.googleapis.com/token')
// Set the private key and issuer.
.setPrivateKey(OAUTH2_SERVICE_ACCOUNT_PRIVATE_KEY)
.setIssuer(OAUTH2_SERVICE_ACCOUNT_CLIENT_EMAIL)
// Set the name of the user to impersonate. This will only work for
// Google Apps for Work/EDU accounts whose admin has setup domain-wide
// delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
.setSubject(email)
// Set the property store where authorized tokens should be persisted.
.setPropertyStore(PropertiesService.getScriptProperties())
// Set the scope. This must match one of the scopes configured during the
// setup of domain-wide delegation.
.setScope(scope);
}
According to the documentation here:
Taking this into account, I suggest you separate the scopes using spaces and not commas.
Reference