Login/Register
Android publisher permission Denied only check payment(other api successfully)
Asked Answered
Solved authenticationgoogle-oauthandroid-inapp-purchaseserver-to-server
N

1

3

I'm trying to call api Purchases.products: get to verify your purchase it yields such a result

{
 "error": {
  "errors": [
   {
    "domain": "androidpublisher",
    "reason": "permissionDenied",
    "message": "The current user has insufficient permissions to perform the requested operation."
   }
  ],
  "code": 401,
  "message": "The current user has insufficient permissions to perform the requested operation."
 }
}
  • the project is tied properly
  • A new service account with owner rights has been created
  • This service account has been granted rights in the google play console

Documentation here says what you can do

the received token does not work only for purchase checks for any other api it returns the result(Inappproducts: list is work)

The verification url is built right because if you get a token client to server then this api works too - but I need a server to server auth

scopes =  ['https://www.googleapis.com/auth/androidpublisher']
authorization = Google::Auth.get_application_default(scopes)

uri = "https://www.googleapis.com/androidpublisher/v3/applications/#{ENV['ANDROID_PACKAGE_NAME']}/purchases/products/#{purchasable.purchase_uuid}/tokens/#{purchase_token}?access_token=#{authorization.fetch_access_token!['access_token']}"

response = RestClient::Request.execute method: :get,
                                           url: uri,
                                           headers: {'Content-Type':'application/json'}

and


file = File.read('config/google_key.json')
values = JSON.parse(file)


oauth = Signet::OAuth2::Client.new(
          issuer:               values[:client_email]",
          audience:             "https://www.googleapis.com/oauth2/v4/token",
          scope:                "https://www.googleapis.com/auth/androidpublisher",
          client_id:            values[:client_id],
          signing_key:          OpenSSL::PKey::RSA.new(values[:private_key]),
      )

      jwt = oauth.to_jwt

      url = "https://www.googleapis.com/oauth2/v4/token"
      begin
        response = RestClient::Request.execute method: :post,
                                               url: url,
                                               headers: {'Content-Type': 'application/json'},
                                               payload: {
                                                   grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
                                                   assertion: jwt
                                               }

        result =  JSON.parse response.body
      rescue => e
        puts e.response.to_str
        result =  JSON.parse(e.response.to_s)
      end

I expect this result

update 1

add tokeninfo

Nourish answered 16/2, 2019 at 14:20 Comment(0)
N
5

I love google.

after 7 days with my first service account it worked - but 7 days !!!! 7 days !!!! it's just horror

Guys in Google you need 7 days to give access to api!! - this is ridiculous

Okay, you need to do this to get access

  • create service account in google cloud (admin rights)
  • create google play console and link project google cloud
  • add email service account in google play console
  • after 1 week it will work
Nourish answered 24/2, 2019 at 15:4 Comment(2)
so did you have to contact google support or the problem automatically resolved after seven days? Did touncheck periodically that it started working or did they send you a message? Could you please provide more details, I am in the same boat right now and trying to figure out what to do. ThanksMoller
@Moller Hi, It is a problem was automatically resolved after seven days)) I think GCP need time to share access. My advice check all again and if all good then wait several days. Of the problem will actual tomorrow you can try to create new сredentials and wait more 2 days. You will create temp decision and when сredentials will be working you replace temp decisionNourish

© 2022 - 2024 — McMap. All rights reserved.