This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Dialogflow Test Users No permissions to ChatBot

Posted on 12-06-2024 04:59 AM
sqoor
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hello,

I have a chatbot with dialogflow, published on a webpage, on the app engine also locally.

The app connected to oAuth for the authentication consent screen. When I log in with my IAM user I can access the chatbot and can chat with it.


I have added test users (from outside the org - no GCP Accounts), I can log in successfully but I cannot chat I have an error

 

 

 

{
  "error": {
    "code": 403,
    "message": "Caller does not have required permission to use project xxxx. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=xxxx and then retry. Propagation of the new permission may take a few minutes.",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.Help",
        "links": [
          {
            "description": "Google developer console IAM admin",
            "url": "https://console.developers.google.com/iam-admin/iam/project?project=xxxx"
          }
        ]
      },
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "USER_PROJECT_DENIED",
        "domain": "googleapis.com",
        "metadata": {
          "consumer": "projects/xxxx",
          "service": "dialogflow.googleapis.com"
        }
      }
    ]
  }
}

 

 

 

in the consent screen I have added all the scopes, Dialgoflow and all of them, I have added the test users (if removed it then won't be able to login first place.

For app engine defulat service account I have added roles:  

  • Dialogflow API Client
  • Service Usage Consumer

Same issue appears where app deployed on app engine and as well locally.  

0 3 342
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
dawnberdan
Staff
Reply posted on --/--/---- --:-- AM

Hi @sqoor,

Welcome to Google Cloud Community!

The error message you're seeing means your test users don't have the right permissions to use your Dialogflow chatbot. Here's how to troubleshoot and some workarounds that you may try:

1. Grant Permissions in Google Cloud:

  • Go to your project's IAM & Admin section in the Google Cloud Console.
  • Add your test users and give them the "roles/serviceusage.serviceUsageConsumer" role. You can also create a custom role with the "serviceusage.services.use" permission. You may refer to this documentation for more information.

2. Check Your OAuth Consent Screen:

  • Make sure your OAuth consent screen includes the necessary scopes for Dialogflow. You can check this article/blog that covers Activating OAuth Consent Screen on Applications  which could be helpful for you.

3. App Engine Default Service Account:

  • The default service account for your App Engine app also needs the "Dialogflow API Client" and "Service Usage Consumer" roles. Double-check that it has these permissions.

If you are working locally, ensure you are using the correct service account credentials with the required permissions. Additionally, for troubleshooting purposes, double-check your OAuth consent screen and granted permissions before attempting to log in with your test users again.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

Posted on --/--/---- --:-- AM
sqoor
Bronze 5
Bronze 5
In response to dawnberdan
Reply posted on --/--/---- --:-- AM

Hello @dawnberdan , 

Thanks for your reply. 

Grant Permissions in Google Cloud: 
Unfortunately, I cannot add the test users to GCP, I have restrictions due to organization policies. So I was thinking of a way to add users to access the chatbot in the testing phase as well as in production without the need to add them as IAMs

Check Your OAuth Consent Screen:
I have added auth and Dialogflow scopes, and for the sake of testing I have added all the available scopes, and I had the same error 


App Engine Default Service Account:
I have added the role "Service Usage Consumer" and dialogflow API client to the default App Engine service account as well the services account attached to the chatbot client (web app deployed on app engine) and had the same error. 

Locally I have set up the environment variable "GOOGLE_APPLICATION_CREDENTIALS" With a service account that has an owner role but had the same error as well, I tried with roles Dialogflow API Client and Service Usage Consumer but it didn't work either.

0 Likes

Posted on --/--/---- --:-- AM
dawnberdan
Staff
In response to sqoor
Reply posted on --/--/---- --:-- AM

Hi @sqoor,

I suggest contacting Google Cloud Support for further assistance.

I hope this helps!