PDA

View Full Version : GMail Issue: Insufficient Permission



Marcia Booth
26-Aug-2015, 01:31 PM
I was able to run almost all samples using new accounts I created for this test. I used basic operations listed in the doc and that was pretty straightforward.

I had an issue, though, using my Google account when trying to get my gmail.

I clicked on Log In and entered my Google account in the separate screen that opened up
After pressing Accept on the screen below, I got a token - good.
9196

I used drive/v2/files in operation and it listed folder/file information - good.

Used gmail/v1/users/me/messages and it returned:
"code": 403,
"message": "Insufficient Permission"

Is that expected?

Mike Peat
27-Aug-2015, 02:22 AM
Marcia

The GMail issue sounds as though you had not granted the app the required scope. Google requires that you grant different "scopes" for each API (the doc discusses this a little (https://docs.google.com/document/d/1mkrmmuiZb9LZLEShCzBuHwEhnrloZ_lSlmmujmKJgzI/edit#heading=h.95r696vryidp), but does not go into much depth). In order to access the GMail API you have to log in with a scope-set (you can specify many scopes at the same time - multiple scopes separated by spaces) which includes "https://mail.google.com" (http://"https://mail.google.com") - that is what the "Scope(s)" form on the Google sample is for. It defaults to the Google Drive scope: "https://www.googleapis.com/auth/drive" (http://"https://www.googleapis.com/auth/drive"), but you can change it to what you need and click the "Login to Google" button again to log in with the new scope(s).

For instance you could put: "https://www.googleapis.com/auth/drive (https://www.googleapis.com/auth/drivehttps://mail.google.comhttps://www.googleapis.com/auth/calendarhttps://www.googleapis.com/auth/plus.login)https://mail.google.com https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/plus.login" (i.e. four different scopes) in the Scope(s) form and press "Login to Google", then be able to make any of the four suggested calls to those different APIs (Drive, GMail, Calendar and Google+). Maybe I need to make that clearer in the doc - I have just updated it to try to do that.

Mike

Marcia Booth
27-Aug-2015, 12:13 PM
After entering

https://www.googleapis.com/auth/drive https://mail.google.com https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/plus.login

as the scope, I was able to login successfully.

When I tried to execute operations like the ones I tried before, I was getting "Not Found" as a response :-(
9199

The issue there was that I had a trailing space in the operation string -- Google was not happy at all about that.

So lesson learned and a good note to leave here: applications must warn users about or automatically remove trailing spaces from the operation string before executing it.

Mike Peat
28-Aug-2015, 02:48 AM
Marcia

Yes! Well spotted! I didn't read all the way to the end of your post before switching to the sample application (thinking "Well I'm sure that worked for me!") and trying it (sure enough, it worked once more), but then I read to the end and tried again with a trailing space and sure enough, got the "Not Found" response you did.

I'll amend the app to strip off spaces (at either end) from the operation. This is why testers are so important - I would never have spotted that (cuz Ahm stoopid! :o).

Thanks!

Mike