Clever Geek Handbook

Google Sheets + GoogleCredentials = "insufficient authentication scopes"

I am creating a server application that needs to read a bunch of spreadsheets. Therefore, we use GoogleCredentials.get_application_default()

from oauth2client.client

because the server has access to the service account. For local development, I want to use my personal credentials, so I am using the Google Cloud SDK. I used gcloud auth application-default login

to make sure this works.

Creating a service is as easy as:

from oauth2client.client import GoogleCredentials
from googleapiclient.discovery import build

credentials = GoogleCredentials.get_application_default()
service = build('sheets', 'v4', credentials=credentials)

And actually, while it works well, for a bunch of Google Cloud products. However, when using the Tables API, I get the following error when doing any query:

googleapiclient.errors.HttpError: 
<HttpError 403 when requesting https://sheets.googleapis.com/v4/spreadsheets/...
returned "Request had insufficient authentication scopes.">

This only happens with the Google Sheets API, other APIs (such as BigQuery V2 API) work fine.

What I've already checked:

  • Sheets API is enabled in the Google Cloud project
  • I have access to spreadsheets and editor rights for a Google Cloud project.

  • I have tried various methods for creating credentials, for example:

    credentials = GoogleCredentials.get_application_default()
scoped_creds = credentials.create_scoped(SCOPES)

    However, this has no effect, since the method create_scoped

    simply returns self ( source ).

  • I created a service account in this project and set an environment variable for it GOOGLE_APPLICATION_CREDENTIALS

    . This also works great, probably because it uses the ServiceAccountCredentials

    one that actually implements the method create_scoped

    .
  • I'm using the latest google-api-python-client (1.6.2) and oauth2client (4.0.0)

Am I on the right track here or am I just missing something really dumb?

+3


source to share


2 answers


I think I found a (slightly frustrating) answer to this question at the bottom of the Google Identity Platform documentation :



When using the Google Cloud SDK login command gcloud auth by default to provide your own identity for local use, the scopes set is currently fixed, although it includes all cloud-to-cloud APIs. If you need a scope outside this set, it is recommended that you use the downloaded service account key.

0


source


Try using apiclient.discovery

instead googleapiclient.discovery

. I had the same problem where I was missing too many arguments in build()

, but as soon as I removed the extra arguments it worked and the only difference in my code from yours is which module to pull discovery

from.



0


source






More articles:


All Articles