Google API giving unauthorized token error

2
votes

We have an application hosted in GCP which uses GSuite APIs to sync users from GSuite to our application and visa-versa using Service Account. It used to work well until recently some of our customers started facing issues.

We started getting

401 unauthorized. "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."

There as been no change in our application and neither in the list of permissions granted. Following are the list of api access granted :-

https://apps-apis.google.com/a/feeds/domain,
https://www.googleapis.com/auth/activity,
https://www.googleapis.com/auth/admin.directory.group,
https://www.googleapis.com/auth/admin.directory.orgunit, 
https://www.googleapis.com/auth/admin.directory.user,**
https://www.googleapis.com/auth/admin.directory.user.readonly,
https://www.googleapis.com/auth/drive,
https://www.googleapis.com/auth/drive.appdata,
https://www.googleapis.com/auth/drive.file,
https://www.googleapis.com/auth/drive.metadata,
https://www.googleapis.com/auth/drive.metadata.readonly,
https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly,
https://www.googleapis.com/auth/admin.directory.rolemanagement,
https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly,
https://www.googleapis.com/auth/admin.directory.device.chromeos,
https://www.googleapis.com/auth/drive.apps.readonly,
https://www.googleapis.com/auth/drive.photos.readonly,
https://www.googleapis.com/auth/drive.scripts

The affected GSuite domains were working perfectly until yesterday. Also there are some domains which still work without any problem.

Can somebody please suggest what could the problem be. Is there any change in the APIs recently? Any help will be much appreciated.

1
google-apiservice-accountsgoogle-workspacegoogle-directory-api
Same happening here suddenly. Everything worked fine for 6 years. Today the whole app stopped working because of this error. Panic ensued. Any solutions would be appreciated. App hasn't been updated in 1 year (the codebase/logic).Gizmo
Re-creating the service account key (.json), re-assigning the API permissions and re-doing DWD don't fix the problem. Tried rebooting the server, does not work either.Gizmo
having the exact same issue. no code changes, no permission changes. application just stopped working after 3 years of running fine.aman

1 Answers

0
votes

"Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."

There are several ways to authenticate to Google.

  • web based applications
  • native applications
  • mobile applications
  • and service accounts

The clients you create for these types is different as is the code to use them. The message you are seeing above means that the code you are using does not match the type of client you have created.

Make sure your code is designed for use with service accounts and make sure that the credentials file you have downloaded from google developer console is in fact credentials for a service accounts.

Why it worked previously and suddenly stopped i cant tell you this is an error you will always get if your code does not match your credential type.

The last option would be to double check that all of those apis are enabled in the Google developer console for your service account project.