Insufficient Permission: Request had insufficient authentication scopes in google directory API when logging through admin

Asad · Feb 11, 2020 · Viewed 8.4k times

I'm using the Google Admin Directory API to get all accounts' public information, using the following API: https://www.googleapis.com/admin/directory/v1/users

Here is the link for this API: link. When I log in using a G Suite domain account, let's say [email protected], as a non-administrative user, this API works fine and fetches the data of all accounts in an array, but when I call this API after logging in as admin it gives me the following error:


Insufficient Permission: Request had insufficient authentication scopes


Why is this happening? I'm using the same auth and API key for both users.
My code is here:

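// Access token stored earlier by the Google sign-in flow
const token = localStorage.getItem('token');
// The query string must stay on one line: a line break inside the template literal ends up in the URL
fetch(`https://www.googleapis.com/admin/directory/v1/users?domain=${domain.url}&viewType=domain_public&key=${apiKey.key}`, {
  headers: {
    'authorization': 'Bearer ' + token
  },
})
  .then(response => response.json())
  .then(data => this.setState({ users: data.users }));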

The token is coming from this npm module: react google login (Google sign-in button).

Answer

ale13 · Feb 17, 2020

It seems that the issue you are encountering is related to the way you are using the access token, more precisely in the way you use the scopes for the admin account in relation to the access token you have.

If the scopes you want to use with the two accounts don't match entirely, you will need to get another access token when you use the admin account.

So in order to solve your issue, you will have to get a new access token for the scopes you will be using for the admin account. You can declare them like this:

const SCOPES = ['https://www.googleapis.com/auth/admin.directory.user.readonly', 'OTHER_SCOPE_1', 'OTHER_SCOPE_2' /* , ... */];

Same goes for the non-admin account; if the scopes don't match entirely, declare them like above and get another access token which will be the one matching them.

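A way to confirm which scopes a given access token actually carries before calling the Directory API, as an added example that is not part of the original question or answer. It assumes Google's OAuth2 `tokeninfo` endpoint; the function names and the sample responses are constructed for illustration.

```javascript
// Added example, not code from the question or the answer.
// Scope the users.list call needs, as named in the answer above.
const REQUIRED_SCOPES = [
  'https://www.googleapis.com/auth/admin.directory.user.readonly',
];

// Pure helper: given a tokeninfo response body, return the required scopes
// the token was NOT granted. tokeninfo reports scopes as one space-separated string.
function missingScopes(tokenInfo, required = REQUIRED_SCOPES) {
  const granted = new Set(
    String(tokenInfo.scope || '').split(/\s+/).filter(Boolean)
  );
  return required.filter((scope) => !granted.has(scope));
}

// Ask Google which scopes an access token carries.
async function fetchTokenInfo(accessToken) {
  const url = 'https://oauth2.googleapis.com/tokeninfo?access_token=' +
    encodeURIComponent(accessToken);
  const response = await fetch(url);
  if (!response.ok) {
    // An expired, revoked or malformed token is rejected here.
    throw new Error('tokeninfo rejected the token: HTTP ' + response.status);
  }
  return response.json();
}

// Hypothetical wrapper: fail with a readable message before the API call,
// instead of waiting for the 403 "insufficient authentication scopes" error.
async function assertDirectoryScopes(accessToken) {
  const missing = missingScopes(await fetchTokenInfo(accessToken));
  if (missing.length > 0) {
    throw new Error('Access token lacks scopes: ' + missing.join(', '));
  }
}

// Constructed sample tokeninfo bodies (not real tokens or accounts).
const SAMPLE_SIGNIN_ONLY = {
  scope: 'openid https://www.googleapis.com/auth/userinfo.email ' +
    'https://www.googleapis.com/auth/userinfo.profile',
  expires_in: '3599',
};
const SAMPLE_WITH_DIRECTORY = {
  scope: SAMPLE_SIGNIN_ONLY.scope + ' ' + REQUIRED_SCOPES[0],
  expires_in: '3599',
};
```

If `missingScopes` returns a non-empty list for the token in `localStorage`, request a new token with the scopes declared in the sign-in configuration, as the answer describes.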