ACCESS_TOKEN_SCOPE_INSUFFICIENT 403 Request had insufficient authentication scopes domain global

Asked 24/11, 2021 at 16:37 Answered 22/5, 2022 at 10:32

node.js google-api google-oauth google-apis-explorer androidpublisher

to check inapp purchase i have used this api https://androidpublisher.googleapis.com/androidpublisher/v3/applications/{packageName}/purchases/products/{productId}/tokens/{token} and got this response.

{
    "error": {
        "code": 403,
        "message": "Request had insufficient authentication scopes.",
        "errors": [
            {
                "message": "Insufficient Permission",
                "domain": "global",
                "reason": "insufficientPermissions"
            }
        ],
        "status": "PERMISSION_DENIED",
        "details": [
            {
                "@type": "type.googleapis.com/google.rpc.ErrorInfo",
                "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
                "domain": "googleapis.com",
                "metadata": {
                    "method": "androidpublisher.ProductPurchasesService.Get",
                    "service": "androidpublisher.googleapis.com"
                }
            }
        ]
    }
}

Monk answered 24/11, 2021 at 16:37 Comment(4)

Please edit your question and include your code – Loophole 24/11, 2021 at 18:1

Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Mcdonald 30/11, 2021 at 8:15

If you're running an application from a compute instance or GKE you may have a problem with the scopes of that instance (as distinct from the IAM roles assigned to the service account the application is run with). Hard to find a general documation page for it, but look at the --scopes arg for gcloud compute instances create. Documentation for a similar problem in secret manager is here. – Spaceman 29/10, 2022 at 20:59

You may just need to add --scopes "https://www.googleapis.com/auth/cloud-platform" (or whatever scope you're missing) – Spaceman 29/10, 2022 at 21:0

By any chance, have you been invoking this from a GCE VM? If so, you might want to:

Stop the VM
Go to the GCE VM instances in the cloud console
Click edit on the machine
Go to scopes
Edit the scopes as desired (preferably adding the scope just to a particular API or if you are OK with it - to all APIs, depending on context and risk)
Restart the machine and make the API call again

Some useful references can be found here and here.

Holbrooke answered 22/5, 2022 at 10:32 Comment(0)

By chance are you missing full user name in you Authorisation flow AuthorizationCodeInstalledApp(flow, receiver).authorize(_USER_ID + "@gmail.com");

Letitialetizia answered 24/11, 2021 at 16:37 Comment(0)

Recommended topics

Hot tags