I am attempting to set up an application using the Google Calendar API. I set up all the credentials and set the authorized JavaScript page equal to http://localhost:8000 as suggested within the quick start guide at https://developers.google.com/google-apps/calendar/quickstart/js. When I try to run the file on localhost:8000/quickstart.html it will show the basis page but no information. I can click the authenticate button and it will allow me to authenticate my account to use the Calendar application, however nothing will show up information-wise. Checking the console, the following errors are present:
Get https://content.googleapis.com/calendar/v3/calendars/primary/events?maxResults=10&orderBy=startTime&showDeleted=false&singleEvents=true&timeMin=2017-08-11T20%3A58%3A29.156Z 403 ()
and
Uncaught {"error":{"errors":[{"domain":"usageLimits","reason":"accessNotConfigured","message":"Access Not Configured. Calendar API has not been used in project 440480151645 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/calendar.googleapis.com/overview?project=44080151645 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.","extendedHelp":"https://console.developers.google.com/apis/api/calendar.googleapis.com/overview?project=44080151645"}],"code":403,"message":"Access Not Configured. Calendar API has not been used in project 44080151645 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/calendar.googleapis.com/overview?project=44080151645 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."}}
However, going to the supplied link only says that I do not have access to the calendar.googleapis.com api and will not let me enable my Google Calendar or use it.
Google calendar uses Oauth2.0 for authorization. There are three essential components of this. If any of these are missing, authorization will not happen properly and you'll get a 403.
Access token - the google calendar API saves an access token to your
/.credentials folder by default. Your application will need to be
able to read this file (wherever it may be), otherwise you will have
to manually authorize API calls with every request.
client_secret.json - this is a necessary file to authorize your
application itself as a client of google. When you created a clientID and such using the google developer portal, this file was
created, and must also be read by your application.
Scopes - The scope is what level of access you have. It is by
default in the quickstart set to "read-only", which could be why
you're getting 403. If you want to change the scope, you're going to
have to edit both the line of code in the quickstart and either
modify the access token or get a new one to reflect that change.
I have gotten this error before, but that was before I understood Oauth2. If the problem isn't in any of these, it's likely something that you selected in the developer console. Let me know if you are still stuck.
Based from this thread, try setting the Referrers to Any referrer allowed for your project (just leave the field empty) in the Google Developers Console if it is not already like that.
To do this, go to your Google Developers Console and open API & Auth / Credentials and click Edit allowed referrers empty the input field.
Additional reference:
Google Calendar API v3 Access Not Configured
403 error with message:Access Not Configured. Please use Google Developers Console to activate the API for your project
Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration
Related
I am making a gmail addon in which i am trying to get the user's contact groups (labels) using the code:
var groups = ContactsApp.getContactGroups();
I already have added required scope : https://www.google.com/m8/feeds in manifest file (appsscript.json) but it returns "Exception: Unexpected error while getting the method or property getContactGroups on object ContactsApp". This method was working fine when it was a default apps script project. I started getting this expection after linking my apps script project with Google cloud project. I am also using People API in my project. When I add https://www.google.com/m8/feeds in scopes on consent screen of Google cloud platform it does
not show up there. Instead, https://www.googleapis.com/auth/contacts is shown in the scopes list. It might be because I am using People api and both of these scopes are for read/write user's contacts. And My consent screen on Google cloud platform is still under verification.
Also,I am not able to use any of the methods provived by ContactsApp class. I am getting the same exception when I used var contact = ContactsApp.getContact("abc#gmail.com");
Any help would be appreciated.
Thanks
When changing from a default Apps Script project to a GCP project, you need to enable the necessary APIs in your GCP console
In your particular case you need to enable the Contacts API in your GCP console - for the chosen project
Depending on the rest of your code, you might need to enable also other APIs (e.g. Gmail)
Follow those instructions to enable the requested APIs
Here's what I'm trying to do:
Remotely execute a Google Apps Script function from an online automation service (Zoho Flow, similar in purpose to Zapier.)*
This function that I am remotely executing is to add gmail labels to everyone in an organization.
In order to do this, I've done the following:
Created a service account with domain-wide-delegation in the same GCP project associated with the function that adds gmail labels.
Used the OAuth2 library for Google Apps Script to perpetuate JWT authorization for that service account in my script.
Verified that function works with service account functionality for all users in a Google oragnization within google apps script
Deployed this script as an API Executable to enable remote execution
Created authtokens authorized with the mail scope for the Apps Script API (https://mail.google.com/), as well as an additional scope required by the OAuth2 library in my script. This is done in the google developer playground, using OAuth2.0 Client ID credentials that are authorized as a part of that same GCP project.
Successfully executed the function remotely using the Google Apps Script API with Postman
Now, in order to actually make this functionality official, I now have to replace postman and the google developer console with the actual client, which is this Zoho Flow platform for api connections and process automation.
In order to make the switch I've done the following;
Added the authorized redirect URl for the client (Zoho Flow) under the same credentials that are used for the Google Developer Playground:
Utilized the credentials found from the JSON representation of those credentials** for creating what's called a "connection" in this software, which is basically an easy-to-use OAuth2.0 connection with a nice front-end that can be used for accessing API data (this is the part where I create this connection):
Entered the same scope for this connection that were authorized in the google developer playground, as well as that additional scope (https://www.googleapis.com/auth/script.external_request) that the OAuth2.0 library for Google Apps Script uses:
Lo and behold, I get the error below when attempting to gain access to Google API data from a web application, and the scopes that are said to cause the error is every scope except for the mail scope: https://mail.google.com/. I've done additional testing to verify that every other scope that is a part of the google apps script API also create this error, not just this external scope for the OAuth2 library.
Support said it was likely an issue with my credential permissions; is my line of logic for this correct? If it is, then it is an issue with their software that I will have them pursue further.
Some additional testing has been done on the software (Zoho Flow) to confirm whether or not it is a software error or not: I'm not certain if the process defined in my answer is best practices, or even 100% correct (other users can speak to it,) but I've confirmed that the error I am seeing is likely an error with the client.
Here's why:
When authorizing for multiple scopes, I get the error seen at the end of my question:
When changing that connection to utilize only one of my scopes instead, like so:
The connection proceeds properly, and I can remotely execute functions that utilize only that one scope successfully. This does work for any one scope that I authorize. The only problem is, it's a rare occurrence that a script only requires one scope. While this I can get around this major bug, I cannot remotely execute my function that adds gmail labels to all users in an organization because it requires two scopes. This will be mentioned to the development team and it should be fixed soon.
I'm trying to deploy a Google Apps script via the Google REST API, and I'm using the API Explorer to perform that.
This is the method I am testing:
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/create
Executing the method via the API Explorer returns a 404 error. I have verified that the scriptId in question does exist, and have tried several other scriptIds, to no avail. I have also made sure the permission scopes are properly set.
This is what the API Explorer gives me.
Worth mentioning that the same scriptId works when calling another method such as projects.get.
Is there anything I am missing, or is this an issue on Google's end?
In case of the latter, what are the steps to contact Google Apps Script's team and inform them of this issue?
Your versionNumber is incorrect. The Requested entity here refers to the version of your script. You need to go to File>Manage Versions>Save New version to create a new version(or create one with the api1) and use that version number in the request body.
Check your authorization scopes. You need to have the following scope enabled:
https://www.googleapis.com/auth/script.deployments
If its not in the list of available scopes in API Explorer then you'll need to add it manually (there is an area at the bottom of the authorization dialog where you can add scopes).
Google's API Explorer uses API keys to authorize requests. In some cases an API key is not sufficient and an OAuth2 (bearer) access token is required. As an alternative you can create an Apps Script project and add the appropriate scopes via the manifest file(appsscript.json). Then you can use UrlFetchApp.fetch() to test the API directly.
EDIT: In case it helps others who find this, the fact that Gaia clears cookies after Chrome restart is known behavior. They recommend the use of Chrome login. See more here.
The core question: how do I fetch Google OAuth access tokens in the background from a Chrome extension without using the getAuthToken method in the chrome.identity API? This method forces users to login to Chrome, which isn't ideal for our app. There's also no way I can find to retrieve OpenID Connect ID tokens using the native methods exposed in the identity API.
Currently, I'm fetching tokens using the launchWebAuthFlow method from the chrome.identity API. This method launches an "Identity API Scope Approval UI" window in which the user makes the initial OAuth grant. This window (referred to as "gaia") has its own session / cookie data, separate from a browser session.
After the initial OAuth grant, the extension periodically retrieves access tokens in the background, and subsequently fetches data from Google APIs (e.g. Drive). This works well. When a user quits and re-opens Chrome, however, fetching access tokens fails - gaia loses its session cookies when Chrome restarts, so running the launchWebFlowAuth method doesn't complete because Google can't authenticate the user (unless we prompt the user to login in the Identity API Scope Approval UI again). Others seem to have had the same issue.
Google Sign-In would be ideal, but it doesn't work in Chrome extensions (I'm getting the same "Invalid cookiePolicy" error as the author of that issue).
Any advice on how to best handle this use case would be very much appreciated!
I am integrating ASP.NET application using Google Drive API. For this after authentication we re uploading Files to Google drive. I am using Google client library to Call the APIs.
Everything is working as expected I am able to authenticate user successfully and able to upload the file successfully.
In one scenario when the user Google account is suspended then I am getting refresh token from Google but my upload method is failing and it is not uploading the file to Google drive.
I want to restrict the user on Signup screen itself, when account is suspended.
What parameter do I have to pass to achieve this please suggest?
Unfortunately this info is not easily available. You have two options :
Use the Directory API to see if the user is suspended. This requires additional OAuth permissions to be provided by an admin of the domain.
At login, try and perform a Drive API call to see if you get an error or not. If you get an error (with a couple of retried) and the error message matches the one you had for suspended users, then you can deny access to the user.