Unable to retrieve files: googleapi: Error 403: Request had insufficient authentication scopes.

I'm a novice user, so it's quite likely the problem is at my end -- so with that warning, here goes.

I have a simple drive search program with OAuth2, and it keeps failing with insufficient authentication scopes. I have pretty much all the authentication scopes selected, but it seems to fail regardless... Is passing in the SCOPES array being done correctly?

 

Any help is appreciated!

 

 
    // OAuth2 client configuration for the Go handler.
    conf := &oauth2.Config{
        ClientID:     config.GoogleDriveClientID,
        ClientSecret: config.GoogleDriveClientSecret,
        RedirectURL:  config.GoogleDriveOAuthRedirectUrl,
        Scopes: []string{
        },
        Endpoint: google.Endpoint,
    }
    // Exchange the authorization code for a token via the helper.
    tokenRes, err := utils.GetGoogleDriveOauthToken(code)
    if err != nil {
        fmt.Printf("error is being logged ")
        log.Fatal(err)
    }
    // Wrap the access token returned by the helper; no refresh token or expiry is set.
    tok := &oauth2.Token{AccessToken: tokenRes.Access_token}
    // tok, err := conf.Exchange(context.Background(), "authorization-code")
    client := conf.Client(context.Background(), tok)
    fmt.Printf("client is %v ", client)

    srv, err := drive.NewService(ctx, option.WithHTTPClient(client))
    if err != nil {
        log.Fatalf("Unable to retrieve Drive client: %v", err)
    }

    // List the first 10 files (id and name only).
    r, err := srv.Files.List().PageSize(10).
        Fields("nextPageToken, files(id, name)").Do()
    if err != nil {
        log.Fatalf("Unable to retrieve files: %v", err)
    }
 
1 ACCEPTED SOLUTION

I found out the issue here. There are a couple of issues:

1. The golang example expects a code to be printed on the browser, but for some reason, unlike the python example, it does not spin up a webserver to show the code. So, one should extract the code from the URL generated and paste that in. It works fine later.

2. The issue in my code was indeed to do with the scopes being passed in. There was a flaw in my understanding though: the scopes are passed in at first via the js code and then the golang handler was kicking in to make the request with the token (that also specifies scopes). So, while the scopes defined in the golang code were correct, the js code was not specifying the scopes correctly. I am using a clientid and not a service acct.

Moral of the story is: understand oauth2 carefully; it's a 3-legged stool and can fail at any leg.

Posting it here in case this is useful to someone else in the future.
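
The scope mismatch described in the accepted solution can be caught before the Drive call by reading the `scope` field of the token response, which lists what was actually granted at authorization time regardless of what the Go `oauth2.Config` says. This is an added example, not code from the original post; `grantedAny`, `listScopes` and the sample JSON are constructed for illustration, and `listScopes` is assumed to be a subset of the scopes Drive's files.list accepts.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// tokenResponse holds the OAuth2 token response fields (RFC 6749, section 5.1)
// used here. Scope is a space-delimited list of what was actually granted.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	Scope       string `json:"scope"`
}

// Assumption: a subset of the scopes Drive files.list accepts; any one is enough.
var listScopes = []string{
	"https://www.googleapis.com/auth/drive",
	"https://www.googleapis.com/auth/drive.readonly",
	"https://www.googleapis.com/auth/drive.metadata.readonly",
}

// grantedAny reports whether the token response carries at least one acceptable
// scope (exact match), and returns the granted scopes so they can be logged.
func grantedAny(raw []byte, acceptable []string) (bool, []string, error) {
	var tr tokenResponse
	if err := json.Unmarshal(raw, &tr); err != nil {
		return false, nil, fmt.Errorf("decode token response: %w", err)
	}
	granted := strings.Fields(tr.Scope)
	have := make(map[string]bool, len(granted))
	for _, s := range granted {
		have[s] = true
	}
	for _, s := range acceptable {
		if have[s] {
			return true, granted, nil
		}
	}
	return false, granted, nil
}

func main() {
	// Constructed sample: the front end requested only sign-in scopes.
	raw := []byte(`{"access_token":"EXAMPLE","token_type":"Bearer",` +
		`"scope":"openid https://www.googleapis.com/auth/userinfo.email"}`)
	ok, granted, err := grantedAny(raw, listScopes)
	fmt.Println(ok, granted, err)
}
```

Logging the granted list when the check fails shows which leg of the flow requested the wrong scopes, instead of a bare 403 from the API.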


4 REPLIES 4

bueller? bueller?

Hello @ghostwhowalks,

Welcome to Google Cloud Community!

You have to make sure that your app is enabled to authenticate to Google Cloud APIs and authorize access to other resources using your service account. Ensure that the service account has the necessary IAM roles and permissions to access the specific API or resource you are trying to interact with.

From the console, you can set the proper scopes for your service account. A restart of your instance might be required for the scopes to be applied.

This link is also useful when attaching a service account to your instance. 

Would using a client id not work? I have been using an OAuth client id with appropriate permissions. Incidentally, that same clientid and credentials work with the python example.
