pettys

Reputation: 2468

Gmail API returns 403 Forbidden and no other messages (other APIs working fine)

I've got an application with several successful Google API integrations. I'm hitting a roadblock trying to add Gmail integration into the mix. I'm using the .NET API, Google.Apis.Gmail.v1 (version 1.9.0.140).

Here's my code showing a successful Drive API call followed by the Gmail API call that fails:

var drive = new DriveService(Context.GoogleOAuthInitializer);
var list = drive.Files.List().Execute();
Console.WriteLine(list.Items.Count);
// Output: 100 (first page of results)

var gmail = new GmailService(Context.GoogleOAuthInitializer);
var result = gmail.Users.Drafts.List("me").Execute();
// Throws exception described below

The .NET exception provides this information:

Google.Apis.Requests.RequestError
Forbidden [403]
Errors [
    Message[Forbidden] Location[ - ] Reason[forbidden] Domain[global]
]

I'm using the following scopes to get the OAuth token. When I added the Gmail scope, I was (as expected) prompted again by Google, "Do you want to give this application access to your email?" I also enabled the Gmail API in the Google API Console.

https://www.google.com/m8/feeds
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/cloudprint
https://www.googleapis.com/auth/userinfo.email
https://mail.google.com/
    * https://www.googleapis.com/auth/gmail.compose was tried as well

Really wish there was something more helpful in the message to point me in the right direction!!!

Upvotes: 0

Views: 2881

Answers (2)

pettys

Reputation: 2468

I had rolled my own OAuth implementation, and I had this code to add the authorization header:

void IConfigurableHttpClientInitializer.Initialize(ConfigurableHttpClient httpClient) {
    string auth = string.Format("AuthSub token=\"{0}\"", GoogleOAuthToken);
    httpClient.DefaultRequestHeaders.Add("Authorization", auth);
}

and this worked fine for the Drive, CloudPrint, and Contacts APIs, but for some reason the Gmail APIs needed this:

void IConfigurableHttpClientInitializer.Initialize(ConfigurableHttpClient httpClient) {
    string auth = string.Format("Bearer {0}", GoogleOAuthToken);
    httpClient.DefaultRequestHeaders.Add("Authorization", auth);
}

Makes sense, I guess, although I don't know why the APIs would act differently.

Edit: Use of AuthSub for the Google APIs has been deprecated: https://developers.google.com/accounts/docs/AuthSub

Upvotes: 2

Eric D

Reputation: 7159

The Gmail API is newer than those and doesn't accept older authentication formats that other Google APIs may; it only accepts OAuth2. I wouldn't roll your own authentication; there should be reasonable libraries for doing it in .NET.

Upvotes: 0
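
What the library-based approach recommended in the answer above can look like, as an added example that is not part of the original question or answers: the Google .NET client's own OAuth 2.0 credential replaces the hand-built `Authorization` header and requests only the narrower `gmail.compose` scope for listing drafts. The environment variable names, the token store name and the application name are assumptions made for this sketch.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Gmail.v1;
using Google.Apis.Services;
using Google.Apis.Util.Store;

static class GmailDraftsExample
{
    // gmail.compose is enough for drafts.list; the full https://mail.google.com/
    // scope grants far more access than this call needs.
    static readonly string[] Scopes = { GmailService.Scope.GmailCompose };

    static async Task<GmailService> CreateGmailServiceAsync()
    {
        // Assumption: client id/secret come from these (hypothetical) environment
        // variables rather than being compiled into the binary.
        var secrets = new ClientSecrets
        {
            ClientId = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_ID"),
            ClientSecret = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_SECRET")
        };

        // Runs the OAuth 2.0 consent flow on first use and caches the tokens.
        // "GmailDraftsExample.TokenStore" is a hypothetical store name.
        UserCredential credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
            secrets, Scopes, "user", CancellationToken.None,
            new FileDataStore("GmailDraftsExample.TokenStore"));

        // UserCredential is itself an IConfigurableHttpClientInitializer: it sends
        // "Authorization: Bearer <access token>" and refreshes the token when it
        // expires, so no header is formatted by hand.
        return new GmailService(new BaseClientService.Initializer
        {
            HttpClientInitializer = credential,
            ApplicationName = "GmailDraftsExample" // hypothetical name
        });
    }

    static async Task Main()
    {
        GmailService gmail = await CreateGmailServiceAsync();
        var result = await gmail.Users.Drafts.List("me").ExecuteAsync();
        // Drafts is null when the mailbox has no drafts.
        Console.WriteLine(result.Drafts?.Count ?? 0);
    }
}
```

`FileDataStore` writes the refresh token to a folder under the current user's application data directory, so that folder needs the same protection as any other stored credential.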
