Hello,
I have a chatbot with dialogflow, published on a webpage, on the app engine also locally.
The app connected to oAuth for the authentication consent screen. When I log in with my IAM user I can access the chatbot and can chat with it.
I have added test users (from outside the org - no GCP Accounts), I can log in successfully but I cannot chat I have an error
{
"error": {
"code": 403,
"message": "Caller does not have required permission to use project xxxx. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=xxxx and then retry. Propagation of the new permission may take a few minutes.",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developer console IAM admin",
"url": "https://console.developers.google.com/iam-admin/iam/project?project=xxxx"
}
]
},
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "USER_PROJECT_DENIED",
"domain": "googleapis.com",
"metadata": {
"consumer": "projects/xxxx",
"service": "dialogflow.googleapis.com"
}
}
]
}
}
in the consent screen I have added all the scopes, Dialgoflow and all of them, I have added the test users (if removed it then won't be able to login first place.
For app engine defulat service account I have added roles:
Same issue appears where app deployed on app engine and as well locally.