Re-seller API - insufficient permissions

0
votes

I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.

Where am I currently:

  • Can create a google client object
  • Can check if a customer already exists with that domain
  • Can create a customer object

Guide:

Error Code:

Uncaught Google_Service_Exception: {"error":{"errors":[{"domain":"global","reason":"insufficientPermissions","message":"Insufficient Permission"}]

I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.

Current Scope: 

function get_client()
{
    $OAUTH2_SCOPES = [
        Google_Service_Reseller::APPS_ORDER,
        Google_Service_SiteVerification::SITEVERIFICATION,
        Google_Service_Directory::ADMIN_DIRECTORY_USER,
    ];

    $client = new Google_Client();
    $client->setApplicationName('test');
    $client->setScopes($OAUTH2_SCOPES);
    $client->setAuthConfig(__DIR__ . '/credentials.json');
    $client->setAccessType('offline');
    $client->setPrompt('select_account consent');

    // Load previously authorized token from a file, if it exists.
    // The file token.json stores the user's access and refresh tokens, and is
    // created automatically when the authorization flow completes for the first
    // time.
    $tokenPath = 'token.json';
    if(file_exists($tokenPath)) 
    {
        $accessToken = json_decode(file_get_contents($tokenPath), true);
        $client->setAccessToken($accessToken);
    }

    // If there is no previous token or it's expired.
    if($client->isAccessTokenExpired()) 
    {
        // Refresh the token if possible, else fetch a new one.
        if ($client->getRefreshToken()) 
        {
               $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
        } 
        else 
        {
            // Request authorization from the user.
            $authUrl = $client->createAuthUrl();
            printf("Open the following link in your browser:\n%s\n", $authUrl);
            print 'Enter verification code: ';
            $authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

            // Exchange authorization code for an access token.
            $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
            $client->setAccessToken($accessToken);

            // Check to see if there was an error.
            if(array_key_exists('error', $accessToken))
            {
                throw new Exception(join(', ', $accessToken));
            }
        }
        // Save the token to a file.
        if (!file_exists(dirname($tokenPath))) 
        {
            mkdir(dirname($tokenPath), 0700, true);
        }
        file_put_contents($tokenPath, json_encode($client->getAccessToken()));
    }

    return $client;
}
1
phpgoogle-admin-sdkgoogle-workspacegoogle-reseller-api

1 Answers

0
votes

I manage to figure out the solution myself.

The problem:
insufficient Permissions

The Solution:
The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)