CODEWITHSUNDEEP
angularapigoogle-cloud-platform
jgu7man
jgu7man

Reputation: 366

Request had insufficient authentication scopes (Google Cloud Resource Manager)

I'm trying to make a Google Cloud Resource Manager Call in an Angular project and I'm using angular/fire to use Firebase services. So I use the auth method of angular/fire and authenticate with oAuth2 of google between popup user and return the credentials and tokens.

When I use the token to call the API sends me an Error:

"error":{"code":403,"message":"Request had insufficient authentication scopes.","status":"PERMISSION_DENIED"}}

My call is below:

createProject(token): Observable<any>{


    const body = {
      "name": 'newAgent',
      "projectId": 'newAgent123',
      "labels": {
        "test": 'test'
      }
    }


    return this._http.post(`
      https://cloudresourcemanager.googleapis.com/v1/projects?
      access_token=${token}`,
      body
    )
  }

Upvotes: 1

Views: 14288

Answers (2)

jgu7man
jgu7man

Reputation: 366

I found a solution to authenticate and get the rigth scopes: FIRST: Create a oAuth popup:

openPopup() 
  {
    const name = 'Authorization'
    const options = `width=${ 500 },height=${ 600 },left=${ 0 },top=${ 0 }`;
    const url = `
          https://accounts.google.com/o/oauth2/v2/auth?
          client_id=<CLIENT_ID>&
          response_type=code&
          include_granted_scopes=true&
          scope=https%3A//www.googleapis.com/auth/cloud-platform&
          redirect_uri=http://localhost&
          access_type=offline`;

    return window.open(url, name, options);
  }

THEN Verify the code:

authApi(): Observable<any>{

    let headers = new HttpHeaders({
      'Content-Type': 'application/x-www-form-urlencoded'
    })

    let body = `
        code=<RESPONSE_CODE>&
        client_id=<CLIENT_ID>&
        client_secret=<CLIENT_SECRET>&
        grant_type=authorization_code&
        redirect_uri=http://localhost`;


    return this._http.post(`https://www.googleapis.com/oauth2/v4/token`,
    body, {headers: headers})
  }

BUT NOW, WHEN I TRY TO USE THE API sends me this error

status: 0
statusText: "Unknown Error"
url: "https://cloudresourcemanager.googleapis.com/v1/projects"
ok: false
name: "HttpErrorResponse"
message: "Http failure response for https://cloudresourcemanager.googleapis.com/v1/projects: 0 Unknown Error"

BECAUSE I try to use the API with the next function

createProject( token ): Observable<any>{


    const headers = new HttpHeaders({
      'Content-Type': 'application/json',
      'X-Requested-With': 'XMLHttpRequest',
      'scope': 'https://www.googleapis.com/auth/cloud-platform',
      'Authorization': 'Bearer ${token}'
    })


    const body = {
      "name": 'newAgent',
      "projectId": 'newAgent123',
      "labels": {
        "test": 'test'
      }
    }


    return this._http.post(`https://cloudresourcemanager.googleapis.com/v1/projects`,
      body, { headers: headers }
    )
  }

Upvotes: 0

Wojtek_B
Wojtek_B

Reputation: 4443

You have to make sure that service account you're using for authentication has a proper access scope.

It has to have Datastore access scope (https://www.googleapis.com/auth/datastore) to be able to talk to Firestore's API. You can read more here how Firestore API works.

You can set proper scopes for your service account using console in the VM details page.

After you change the scopes it is required to restart the instance - otherwise they won't be applied.

Similar case was also discussed on Stack Overflow here. It may be helpful.

Upvotes: 1

Related Questions