In a Google Workspace Business Starter edition.

If I use a service account that impersonates a user, can I create a message in a chat space that has the impersonated user as a member while the service account is NOT a member?

The service account email is considered "external to organization" and not admitted as a member of a "chat space" in GWB Starter edition.

Asynchronous app using Python (server to server):

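    import google.oauth2.service_account

    # OAuth scope requested for the Chat API
    scopes = [
        'https://www.googleapis.com/auth/chat.bot']

    # Load the service account key file with the requested scopes
    credentials = google.oauth2.service_account.Credentials.from_service_account_file(
        service_secret_file_path,
        scopes=scopes)
    # Domain-wide delegation: act as the user identified by `email`
    delegated_credentials = credentials.with_subject(email)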

service.spaces().messages().create().execute() returns:

invalid_scope: Some requested scopes cannot be shown: [https://www.googleapis.com/auth/chat.bot]

Is this the symptom that a service account, although domain wide delegated and representing a user who is a member of the space, is not valid?

EDIT: service account, delegating user and space are in the same domain and organization.

Although the service account is generated in the same GWB account that also contains the chat space, it is not accepted as a member of the space because the system classifies the service account as a foreign principal.
