Why is Google Calendar API (oauth2) responding with 'Insufficient Permission'?

curl oauth-2.0 google-calendar-api google-oauth

rob_mccann · Jun 6, 2013 · Viewed 37k times · Source

I'm doing a get request to the following URL (with {id} replaced with the id from the web interface):

https://www.googleapis.com/calendar/v3/calendars/{id}

A few assertions:

The Authorize header is being correctly set with a valid access token (the token works fine for the Analytics API)
I've set the following scope for oauth2, which shows up correctly:
```
https://www.googleapis.com/auth/calendar
```

The token doesn't appear to have expired; it works for the Analytics API.

{ "error": { "errors": [ { "domain": "global", "reason": "insufficientPermissions", "message": "Insufficient Permission" } ], "code": 403, "message": "Insufficient Permission" } }

Answer

To fix, I revoked access to the app at https://accounts.google.com/IssuedAuthSubTokens and retried after which, I was able to access the API correctly.

Despite having the scope in the list, and the scope showing up on Google's OAuth2 grant page, the additional scope wasn't granted.

Why is Google Calendar API (oauth2) responding with 'Insufficient Permission'?

Answer

Related questions