Google Meet endActiveConference API returning 403 error

Question

I use PHP to make a POST request to end a google meet meeting. This was working until a few days but suddenly started failing.

function endGoogleMeet($meetingId){

    $accessToken = getAccessToken();
    try {
        $getConferenceRecordUrl = 'https://meet.googleapis.com/v2/conferenceRecords?filter=space.meeting_code='.$meetingId;
        $conferences = curl_GET($getConferenceRecordUrl,$accessToken);
        $spaceName = '';
        if(!empty($conferences)){
            $confDetails = $conferences['conferenceRecords'][0];
            $spaceName = $confDetails['space'];
            echo 'Found conference space with name: ' .$spaceName.' for meeting id '.$meetingId.PHP_EOL;
        }else{
            throw new Exception('Could not find meeting details');
        }

        if(!empty($spaceName)){
            $endConfUrl = 'https://meet.googleapis.com/v2/'.$spaceName.':endActiveConference';
            $response = curl_POST($endConfUrl, $accessToken);
            echo 'Ended active conference'.PHP_EOL;
        }
    } catch (Exception $e) {
        echo $e->getMessage();
    }
}

The response here comes as -

{"error":{"code":403,"message":"Permission denied on resource MeetingSpace (or it might not exist)","status":"PERMISSION_DENIED"}}

I'm wondering if there's a new scope that has been introduced for ending conference. The scopes that I'm using to get my access token are -

$scopes = ['https://www.googleapis.com/auth/meetings.space.readonly', 'https://www.googleapis.com/auth/meetings.space.created'];

Any pointers here will be helpful.

Mentioned above. Was hoping for this to work properly and end the meeting.

Answer 1

I ran into this as well, endActiveConference was working just fine by just impersonating the Meeting host and suddenly I started to get 403 errors. Before, I could manually create a meeting with a user, then impersonate the user and end the conference with my app, but not anymore.

The solution I found is that the Meeting space also needs to have been created by the same app that's trying to end the conference, and it should be created with spaces.create. If you create your own meeting spaces with your app, you'll be able to end their conferences. This means that you need to have some kind of spaces factory chugging out links for your users, you cannot end meetings created by them.

Why is it like this? Maybe it's intended, going by the description of the scope https://www.googleapis.com/auth/meetings.space.created:

It clearly says that you can only create, edit and see information about conferences created by the app. Presumably, there's some kind of hidden attribute determining which app created each space. Creating a meeting on https://meet.google.com is using Google's app, so yours cannot act on it.

So why was it working before? My guess is that it was an oversight that was fixed. I remember seeing the "created by the app" part of the description when I was first testing the API and thinking I'd have to create my own spaces, but then I was relieved when I only needed to impersonate the host. It's hard to know for sure, since like with Betty St's comment, any issues I created under Google's issue tracker were instantly removed so I couldn't get an official answer.

The Meet API is still pretty new so I think it makes sense that they're still fixing vulnerabilities, maybe they will add new scopes in the future or even revert this change, but for now you can try changing your workflows to create your own Meeting links as a workaround.