googleapi: Error 403: Request had insufficient authentication scopes. More details: Reason: insufficientPermissions, Message: Insufficient Permission

2
votes

I am trying to send an email with Gmail API. But I get this error

googleapi: Error 403: Request had insufficient authentication scopes. More details: Reason: insufficientPermissions, Message: Insufficient Permission

I think it might bee related to config, I also followed google's quickstart for Go here is the getClient func:

func getClient(config *oauth2.Config) *http.Client {
    // The file token.json stores the user's access and refresh tokens, and is
    // created automatically when the authorization flow completes for the first
    // time.
    tokFile := "token.json"
    tok, err := tokenFromFile(tokFile)

    if err != nil {
            tok = getTokenFromWeb(config)
            saveToken(tokFile, tok)
    }
    return config.Client(context.Background(), tok)
}

here is the code send:

case "pass":
    
    templateData := struct {
        VerPass string
        
    }{
        VerPass: cont1,
        
    }

    emailBody, err := parseTemplate("ver.html", templateData)
    if err != nil {
        fmt.Println("Parse Err")
        return false, err
     }
     
    var message gmail.Message
 
    emailTo := "To: " + to + "\r\n"
    subject := "Subject: " + sub + "\n"
    mime := "MIME-version: 1.0;\nContent-Type: text/html; charset=\"UTF-8\";\n\n"
    msg := []byte(emailTo + subject + mime + "\n" + emailBody)
 
    message.Raw = base64.URLEncoding.EncodeToString(msg)
 
    // Send the message
    fmt.Println("OOOOOYYYYY")
    //here is the problem
    b, err := ioutil.ReadFile("credentials.json")
if err != nil {
        log.Fatalf("Unable to read client secret file: %v", err)
}

// If modifying these scopes, delete your previously saved token.json.
config, err := google.ConfigFromJSON(b, gmail.MailGoogleComScope)

if err != nil {
        log.Fatalf("Unable to parse client secret file to config: %v", err)
}
    client := getClient(config)

srv, err := gmail.New(client)
if err != nil {
        log.Fatalf("Unable to retrieve Gmail client: %v", err)
}
//GmailService
    res, err := srv.Users.Messages.Send("me", &message).Do() // change me
    if err != nil {
        fmt.Println("Res Err")
        fmt.Println(err)
       return false, err
    }
    fmt.Println(res)

I tried for config, err := google.ConfigFromJSON(b, gmail.MailGoogleComScope), I tried using GmailReadonlyScope and gmail.GmailSendScope, but I got the same error.

1
gogoogle-apigoogle-oauthgmail-apigoogle-api-go-client
Unfortunately, in your showing script, getClient() of client := getClient(config) cannot be seen. But, when this function includes a file with the access token and refresh token, when you delete the file and authorize the scopes again, what result will you obtain? But, if my understanding of your whole script is not correct, I apologize for this.Tanaike
@Tanaike thank you for your reply, I have modified the question to show getClient. I deleted token.json and reauthorized but the same problemCamille Basbous
solved I called the func twiceCamille Basbous
Thank you for replying. I'm glad your issue was resolved. When your issue was resolved, can you post it as an answer? By this, it will be useful for other users who have the same issue.Tanaike

1 Answers

1
votes

Request had insufficient authentication scopes.

Means that the user who has authorized your application to access their data has not granted your application enough permissions in order to do what you are trying to do.

You apear to be using the user.message.send method. If you check the documentation you will find that that method requires that the user be authorized with one of the following scopes.

enter image description here

If you did follow Googles quick start for go then you used gmail.GmailReadonlyScope as a scope which will only give you read only access. However your code now apears to contain the mail.MailGoogleComScope scope which should work however i am guessing you neglected to reauthorize the application. And didn't see the comment in the tutorial

// If modifying these scopes, delete your previously saved token.json.

I suggest you deleted token.json and then the application will require that you authorize it again and your code should work with the elevated permissions.