CODEWITHSUNDEEP
phpgoogle-cloud-platformgmail-apigoogle-cloud-pubsub
Ayyan
Ayyan

Reputation: 21

Error sending test message to Cloud PubSub returning 403 authorization error

I am trying to setup a push notification as documented in Gmail API Users: watch, but always getting 403 error i.e

Error sending test message to Cloud PubSub .... User not authorized to perform this action

. I am using Google PHP library and follow the quickstart.php to initiate this action. Here is my script as follows:

require __DIR__ . '/vendor/autoload.php';

if (php_sapi_name() != 'cli') {
  throw new Exception('This application must be run on the command line.');
}

function getClient()
{
  $client = new Google_Client();
  $client->setApplicationName('Gmail API PHP Quickstart');
  $client->setScopes(array("https://mail.google.com/", "https://www.googleapis.com/auth/gmail.compose", "https://www.googleapis.com/auth/gmail.modify", "https://www.googleapis.com/auth/gmail.readonly", "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/pubsub"));
  $client->setAuthConfig('credentials.json');
  $client->setIncludeGrantedScopes(true);
  $client->setAccessType('offline');
  $client->setPrompt('select_account consent');
  $tokenPath = 'token.json';

  if (file_exists($tokenPath)) {
    $accessToken = json_decode(file_get_contents($tokenPath), true);
    $client->setAccessToken($accessToken);
  }

  if ($client->isAccessTokenExpired()) {

     if ($client->getRefreshToken()) {
        $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
     } else {
        $authUrl = $client->createAuthUrl();
        printf("Open the following link in your browser:\n%s\n", $authUrl);
        print 'Enter verification code: ';
        $authCode = trim(fgets(STDIN));
        $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
        $client->setAccessToken($accessToken);
        if (array_key_exists('error', $accessToken)) {
            throw new Exception(join(', ', $accessToken));
        }
     }
     if (!file_exists(dirname($tokenPath))) {
        mkdir(dirname($tokenPath), 0700, true);
     }
     file_put_contents($tokenPath, json_encode($client->getAccessToken()));
  }
  return $client;
} 
$client = getClient();
$service = new Google_Service_Gmail($client);
$watchreq = new Google_Service_Gmail_WatchRequest();
$watchreq->setLabelIds(array('INBOX'));
$watchreq->setlabelFilterAction('include');
$watchreq->setTopicName('projects/gcl-gmail-2020/topics/php-example-topic');   
$msg = $service->users->watch('me', $watchreq);

Any help in this regard will be appreciated.

Upvotes: 0

Views: 402

Answers (1)

marian.vladoi
marian.vladoi

Reputation: 8074

You can use this sample code to test permissions for a topic, because the error message states that the service account does not have the necessary permissions to perform this action:

Testing permissions

use Google\Cloud\PubSub\PubSubClient;

/**
 * Prints the permissions of a topic.
 *
 * @param string $projectId  The Google project ID.
 * @param string $topicName  The Pub/Sub topic name.
 */
function test_topic_permissions($projectId, $topicName)
{
    $pubsub = new PubSubClient([
        'projectId' => $projectId,
    ]);
    $topic = $pubsub->topic($topicName);
    $permissions = $topic->iam()->testPermissions([
        'pubsub.topics.attachSubscription',
        'pubsub.topics.publish',
        'pubsub.topics.update'
    ]);
    foreach ($permissions as $permission) {
        printf('Permission: %s' . PHP_EOL, $permission);
    }
}

Then, just grant to the service account the necessary permissions:

Granting roles to service accounts

Upvotes: 0

Related Questions