29

I'm doing a get request to the following URL (with {id} replaced with the id from the web interface):

https://www.googleapis.com/calendar/v3/calendars/{id}

A few assertions:

  1. The Authorize header is being correctly set with a valid access token (the token works fine for the Analytics API)

  2. I've set the following scope for oauth2, which shows up correctly: 

    https://www.googleapis.com/auth/calendar

  3. The token doesn't appear to have expired; it works for the Analytics API.

    { "error": { "errors": [ { "domain": "global", "reason": "insufficientPermissions", "message": "Insufficient Permission" } ], "code": 403, "message": "Insufficient Permission" } }
Soviut
  • 88,194
  • 49
  • 192
  • 260
rob_mccann
  • 1,237
  • 2
  • 11
  • 16

9 Answers9

26

To fix, I revoked access to the app at https://accounts.google.com/IssuedAuthSubTokens and retried after which, I was able to access the API correctly.

Despite having the scope in the list, and the scope showing up on Google's OAuth2 grant page, the additional scope wasn't granted.

rob_mccann
  • 1,237
  • 2
  • 11
  • 16
  • Hi rob :) I revoked access :) And, I'm curious how can I approve it? :) Sorry & Thank you :) – whitesiroi Jul 09 '13 at 03:35
  • 1
    nearly two years later, this is what works when you've ruled out config errors! @whitesiroi Presumably you've since figured it out, but for posterity: – user1870776 Feb 24 '15 at 23:40
  • You re-authorize as normal on the apps auth page. In development with Rails, Devise (_for :users) and google_oauth2 it's your user_omniauth_authorize_path – user1870776 Feb 24 '15 at 23:49
  • This did not work for me. When I try to add an event to the calendar I get the insufficient permission message. I can list the events no problem. I even shared public the calendar and it won't help... i don't know what else to do. – Guillaume Bois Aug 13 '15 at 14:50
  • 1
    I followed your link, clicked remove on the game I've already granted. Now I can't get auth code from my game. I get "AuthApiAccessForbidden" Please help. – Hamzeh Soboh Mar 03 '17 at 11:53
  • 1
    @HamzehSoboh Men I did the exact same and now I'm stuck, How to re-authorize acces please I need help – Azoulay Jason Oct 30 '18 at 17:57
7

I would double-check the scope is included - I've seen that exact message when I've requested the wrong scope. Visiting https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxxxxx is a good way to verify.

Assuming that checks out, make sure that the user that you have the access token for has permission to view the calendar that you're trying to access. "Gears" icon -> "Settings" -> "Calendars" -> (select calendar) -> "Share this calendar"

aeijdenberg
  • 2,427
  • 1
  • 16
  • 13
6

Add scope for calendar visit calendar api and check access configuration

https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/calendar.readonly
Filsh
  • 1,128
  • 10
  • 4
4

When I did the example in QuickStart, I could get the list of the events from my calendar.
But I was using the SCOPE='https://www.googleapis.com/auth/calendar.readonly'.

When I execute the code was generated a link, where I had to create a key for permission to list the events from Calendar. So, when I tried to insert an event I had this error INSUFICIENT PERMISSION.

To solve this issue:
1) I changed the SCOPE to https://www.googleapis.com/auth/calendar
2) delete the file token.json
3) execute the code again, and I had to create a new key for permission, now with the permission to insert a new event.

linhadiretalipe
  • 907
  • 7
  • 8
2

I had to include the Google Plus scope in order to have sufficent permission to access a calendar:

So my scope ended up looking like this:

'https://www.googleapis.com/auth/calendar', 'https://www.googleapis.com/auth/calendar.readonly', 'https://www.googleapis.com/auth/plus.login'

Dylan Pierce
  • 4,313
  • 3
  • 35
  • 45
  • 1
    The plus.login scope is a bit broad - it also grabs age range and warns the user, the login will still work if you add this one instead: `https://www.googleapis.com/auth/userinfo.profile` – Gareth Jun 06 '18 at 07:56
1

I have had to delete permissions to my application and then back to give permissions in https://security.google.com/settings/security/permissions

NoE
  • 11
  • 1
1

I also face same issue when add or edit event. And after some googling, I found that, one scope will give you all permission - 

https://www.googleapis.com/auth/calendar
Mahfuzur Rahman
  • 1,497
  • 18
  • 23
0

I had the same issue while I was trying to add an event in my google calendar. How I finally fixed this :

  • delete my file 'credentials.json'
  • launch a Python program which looks like the Google's quickstart program with written in " SCOPES = 'https://www.googleapis.com/auth/calendar' ". This program was the only solution that worked for me. Launch my django command to call my real work did not work for me. But this fixed my permission problem.

Then, it opens your browser and google asks your permission to manage your calendar and create a new 'credentials.json' in your repertory.

Thomas Simmer
  • 1
0

Add scope = ['https://www.googleapis.com/auth/calendar'] instead of ['https://www.googleapis.com/auth/calendar.readonly']

Sheth Chaitali
  • 1
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jun 28 '22 at 06:47