Rails Omniauth google_oauth2 for admin.directory.user.readonly scope

Here are my settings in omniauth.rb:

provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'],
       {
         scope: 'https://www.googleapis.com/auth/admin.directory.user.readonly',
         provider_ignores_state: true,
         prompt: 'select_account consent',
         callback_path: '/auth/google_oauth2/callback'
       }

I tried to open localhost:5000/omniauth/google_oauth2, selected a Gmail account, accepted "See info about users on your domain", clicked Allow and got:

{"code"=>403, "message"=>"Request had insufficient authentication scopes.", "status"=>"PERMISSION_DENIED", "details"=>[{"@type"=>"type.googleapis.com/google.rpc.ErrorInfo", "reason"=>"ACCESS_TOKEN_SCOPE_INSUFFICIENT", "domain"=>"googleapis.com", "metadata"=>{"method"=>"google.social.boq.socialgraph.peopleapis.legacy.service.people.proto.LegacyPeople1Service.JsonGetOpenIdConnect", "service"=>"legacypeople.googleapis.com"}}]}: { "error": { "code": 403, "message": "Request had insufficient authentication scopes.", "status": "PERMISSION_DENIED", "details": [ { "@type": "type.googleapis.com/google.rpc.ErrorInfo", "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT", "domain": "googleapis.com", "metadata": { "method": "google.social.boq.socialgraph.peopleapis.legacy.service.people.proto.LegacyPeople1Service.JsonGetOpenIdConnect", "service": "legacypeople.googleapis.com" } } ] } } 

Not sure what I need to fix. Can anyone help?



Solution 1:[1]

Please see this answer.

It looks like you need to add admin privileges to whichever account you're using to make the request, therefore I suggest investigating your Google Admin Console for any possible misconfiguration with your OAuth client credentials.
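An added example, not part of the original question or answer: a small Ruby helper that reads the error body quoted in the question and reports which Google service refused the token, next to the identity scopes present in the configured `scope` option. The names `rejected_call`, `identity_scopes_in` and `diagnose` are hypothetical, and the list of identity scopes is an assumption about what an OpenID Connect profile lookup accepts.

```ruby
require 'json'

# Error body copied from the question (the JSON half of the message).
ERROR_BODY = <<~JSON
  {"error": {"code": 403, "status": "PERMISSION_DENIED",
    "message": "Request had insufficient authentication scopes.",
    "details": [{"@type": "type.googleapis.com/google.rpc.ErrorInfo",
      "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT", "domain": "googleapis.com",
      "metadata": {"service": "legacypeople.googleapis.com",
        "method": "google.social.boq.socialgraph.peopleapis.legacy.service.people.proto.LegacyPeople1Service.JsonGetOpenIdConnect"}}]}}
JSON

# Assumption: scopes that allow an OpenID Connect profile (userinfo) lookup.
IDENTITY_SCOPES = %w[openid email profile userinfo.email userinfo.profile].freeze
SCOPE_PREFIX = 'https://www.googleapis.com/auth/'

# Returns status/reason/service/method from the first ErrorInfo detail, or nil
# when the body is not JSON or carries no such detail.
def rejected_call(body)
  parsed = JSON.parse(body)
  error = parsed.is_a?(Hash) ? parsed['error'] : nil
  return nil unless error.is_a?(Hash)
  info = Array(error['details']).find do |d|
    d.is_a?(Hash) && d['@type'].to_s.end_with?('google.rpc.ErrorInfo')
  end
  return nil unless info
  meta = info['metadata'] || {}
  { status: error['status'], reason: info['reason'],
    service: meta['service'], method: meta['method'].to_s.split('.').last }
rescue JSON::ParserError, TypeError
  nil
end

# Splits a scope option on commas/spaces and returns the identity scopes in it.
def identity_scopes_in(scope_option)
  scope_option.to_s.split(/[\s,]+/).map { |s| s.delete_prefix(SCOPE_PREFIX) } & IDENTITY_SCOPES
end

# Summarises which service refused the token and whether the requested scopes
# include any identity scope.
def diagnose(body, scope_option)
  call = rejected_call(body)
  return 'unrecognised error body' unless call
  return "#{call[:status]}: #{call[:reason]}" unless call[:reason] == 'ACCESS_TOKEN_SCOPE_INSUFFICIENT'
  granted = identity_scopes_in(scope_option)
  hint = granted.empty? ? 'no identity scope requested' : "identity scopes requested: #{granted.join(', ')}"
  "#{call[:service]} (#{call[:method]}) refused the token; #{hint}"
end

puts diagnose(ERROR_BODY, 'https://www.googleapis.com/auth/admin.directory.user.readonly')
```

For the question's error and scope setting, the summary names `legacypeople.googleapis.com` and its `JsonGetOpenIdConnect` method as the call that was refused, and shows that the `scope` option contains no identity scope.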

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 barnacle.m