Appengine服务器到服务器的身份验证和Google Domain-wide Authority

Question

我正在尝试从YouTube报告API中提取报告，并将其上传到GCS中。由于必须使用oauth2，因此我使用了Google的指南来创建服务帐户并授予其域范围的权限。虽然我可以通过身份验证的服务来在用户级别提取报告。当appengine运行请求时，我得到“调用者没有权限”。知道下一步怎么看吗？

SCOPES = ['https://www.googleapis.com/auth/yt-analytics-monetary.readonly',
     'https://www.googleapis.com/auth/youtubepartner-content-owner-readonly',
     'https://www.googleapis.com/auth/devstorage.read_write']
SERVICE_ACCOUNT_FILE = 'file.json'
credentials = service_account.Credentials.from_service_account_file(
    SERVICE_ACCOUNT_FILE, scopes=SCOPES)
delegated_credentials = credentials.with_subject('email@email.com')
storage_client = build('storage', 'v1', credentials=credentials)
youtube_reporting = build('youtubereporting', 'v1', 
credentials=credentials)

跟踪：

Traceback (most recent call last):
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1535, in __call__
    rv = self.handle_exception(request, response, e)
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1529, in __call__
    rv = self.router.dispatch(request, response)
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1278, in default_dispatcher
    return route.handler_adapter(request, response)
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1102, in __call__
    return handler.dispatch()
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 572, in dispatch
    return self.handle_exception(e, self.app.debug)
  File "/base/alloc/tmpfs/dynamic_runtimes/python27/b93f87cfaa0115e5_unzipped/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 570, in dispatch
    return method(*args, **kwargs)
  File "/base/data/home/apps/s~test-project-67412/20180712t103610.411083715789214207/main.py", line 66, in get
    jobs = list_jobs(youtube_reporting, ContentOwner, True)
  File "/base/data/home/apps/s~test-project-67412/20180712t103610.411083715789214207/main.py", line 52, in list_jobs
    includeSystemManaged=True).execute()
  File "/base/data/home/apps/s~test-project-67412/20180712t103610.411083715789214207/lib/googleapiclient/_helpers.py", line 130, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/base/data/home/apps/s~test-project-67412/20180712t103610.411083715789214207/lib/googleapiclient/http.py", line 840, in execute
    raise HttpError(resp, content, uri=self.uri)
HttpError: <HttpError 403 when requesting https://youtubereporting.googleapis.com/v1/jobs?onBehalfOfContentOwner=ContentOwner&alt=json&includeSystemManaged=true returned "The caller does not have permission">

-更新- 因此，我想这与服务帐户的域范围权限有关。我删除了该帐户，创建了一个新帐户，并授予了它在整个域的权限，并且现在可以正常使用了。