PHP Google API service accounts

Question

I am currently struggling to get access to the google api when impersonating a user.

I can connect as that user however I am getting an error where I am presented with an error:

"error": {
    "errors": [
         {
             "domain": "global",
             "reason": "appNotAuthorizedToFile",
             "message": "The user has not granted the app <app id> write access to the file <file id>",
             "locationType": "header",
             "location": "Authorization"
         }
    ],
}

The recommended resolution is to use google Picker and get the user to allow my app to access this file. However as I am using a service account with domain wide delegation and g-suite enabled I thought this wasn't necessary.

my current php code is:

$client = new Google_Client();
$client->setApplicationName($appName);
$client->setAuthConfig($credentials);
$client->addScope($scopes);
$client->setClientId($key);
$client->useApplicationDefaultCredentials();
$client->setSubject($userTobe);
$client->setAccessType('offline');

I am using putenv to push my service_account.json into my file. I followed the quick start as it suggested. I have enabled all the required scopes in the security console. If I specify getRefreshTokenwithAssertion() i can get an access_token starting with ya29. however this still presents the error above.

I am currently at a loss on where to go from here. Any help would be greatly appreciated.

Answer 1

Which scopes are you using? Please ensure you are setting the drive auth scope in your application: https://www.googleapis.com/auth/drive (Google_service_Drive::DRIVE)

Answer 2

Has the client and scopes been authorized in the admin console?

admin console => security => Advanced settings => manage API client access