"Invalid credentials" Google plus with request /plus/v1/people/me

Question

I'm doing sign in with Google+ and always I received the token correctly but when I want to make a request with this token to "https://www.googleapis.com/plus/v1/people/me" via curl. I always get the same error.

Code android to make login:

// Scope to get the token with the user information
public static final String SCOPE_GOOGLE_USER_INFORMATION = "https://www.googleapis.com/auth/userinfo.profile";
public static final String SCOPE_GOOGLE_PLUS_ME = "https://www.googleapis.com/auth/plus.me";
public static final String SCOPE_GOOGLE_PLUS_LOGIN = "https://www.googleapis.com/auth/plus.login";
public static final String SCOPE_GOOGLE_PLUS_EMAIL = "https://www.googleapis.com/auth/userinfo.email";
public static final String SCOPE = "oauth2:" + SCOPE_GOOGLE_USER_INFORMATION + " " + SCOPE_GOOGLE_PLUS_ME + " " + SCOPE_GOOGLE_PLUS_LOGIN + " " + SCOPE_GOOGLE_PLUS_EMAIL;


String token = GoogleAuthUtil.getToken(activity, userEmail, SCOPE);

And then I make the curl request:

curl -H "Authorization: Bearer TOKEN" https://www.googleapis.com/plus/v1/people/me?key={KEY}

Always I received the same error:

{
 "error": {
 "errors": [
 {
  "domain": "global",
  "reason": "authError",
  "message": "Invalid Credentials",
  "locationType": "header",
  "location": "Authorization"
 }
 ],
 "code": 401,
 "message": "Invalid Credentials"
 }
}

but If I do the same process via https://developers.google.com/oauthplayground/ works

Answer 1

You key and access token have to be from the same project. You can check the project number of the access token by plugging it into to: https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=

Remove the plus.me scope as well, that is not needed. The email and profile scopes can be replaced with the strings "email" and "profile" respectively (no https://wwww.googleapis.com etc.). plus.login is reasonable, but if you're just getting basic profile, you don't need it - the profile scope will give you that from the plus API.