Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Random de-auhorizations when using Google APIs #471

Open
ianhyzy opened this issue Dec 6, 2023 · 2 comments
Open

Random de-auhorizations when using Google APIs #471

ianhyzy opened this issue Dec 6, 2023 · 2 comments
Assignees
@jpoehnelt

Comments

@ianhyzy
Copy link

ianhyzy commented Dec 6, 2023

I have an Apps Script app using this library to makes changes using domain-wide delegation. Right now it can edit Gmail and Calendar ACLs. I'ven noticed weird but intermittent behavior. I will get the below error despite 1) The service being on in GCP 2) the scopes are in the Admin Console in the app's details in the DWD section in Security 3) The scopes are in appscript.json and 4) I ran a script once from the editor to get the "approve this app" popup so I could click yes.

I can delete all the script properties and try again, and it will work, but in the most recent case I had Gmail working but not Calendar. I deleted the script property and Calendar worked but then the Gmail service threw the error!

What's going on?

{
  "error": {
    "code": 403,
    "message": "Request had insufficient authentication scopes.",
    "errors": [
      {
        "message": "Insufficient Permission",
        "domain": "global",
        "reason": "insufficientPermissions"
      }
    ],
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
        "domain": "googleapis.com",
        "metadata": {
          "method": "caribou.api.proto.MailboxService.ListDelegates",
          "service": "gmail.googleapis.com"
        }
      }
    ]
  }
}```
@ianhyzy
Copy link
Author

ianhyzy commented Dec 6, 2023

Disabling caching fixed this it looks like. I'm guessing, but when trying to perform two actions on one user, I would call getService twice, with only the scopes needed for the specific action. Should I have one giant scoped access request that I cache? Or leave caching off?

@roma2341
Copy link

roma2341 commented Jun 15, 2024
edited
Loading

I also get an ACCESS_TOKEN_SCOPE_INSUFFICIENT error randomly in Java code when trying to access users' calendars from a service account, google APIs are very unstable, and error messages are deceptive. I'm sure I do everything correctly because it works for all users, but then randomly, the API returns an ACCESS_TOKEN_SCOPE_INSUFFICIENT error, my scopes are always the same so I don't understand what is wrong. Google didn't even provide any assistance when we had issues with their API and said that perhaps we incorrectly used their API so it does not make sense to expect that they provide some adequate assistance

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jpoehnelt jpoehnelt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jpoehnelt @ianhyzy @roma2341