7

THE SITUATION:

I am testing the Gmail API for my app.

I have tested some requests and they are working fine. For example get messages, get user history, get draft list etc..

Basically all the read only requests are working fine.

I have instead some issues related with permission with other requests, for example when i have to write or delete a draft.

This is the error i get: 

(403) Insufficient Permission

THE CODE:

This is the function to initialize the app:

public function gmail_init_service()
{
    $client = new Google_Client();

    $client->setApplicationName("Gmail API test");
    $client->setDeveloperKey("MY_KEY");
    $client->setClientSecret('MY_CLIENT_SECRET');
    $client->SetClientId('MY_CLIENT_ID');
    $client->setScopes(array('https://mail.google.com/'));
    $client->setAccessToken('{"access_token":"MY_ACCESS_TOKEN","token_type":"Bearer","expires_in":3600,"refresh_token":"MY_REFRESH_TOKEN","created":1433502343}');

    $service = new Google_Service_Gmail($client);

    return $service;
}

This is the request to delete one draft:

public function gmail_delete_draft()
{
    $service = $this->gmail_init_service();

    // --------------- Get draft list --------------

    $list = $service->users_drafts->listUsersDrafts('me');
    $draftList = $list->getDrafts();

    // --------------- Get draft IDs ---------------

    $inbox_draft = [];

    foreach($draftList as $mlist)
    {
        $draftId = $mlist->id;
        $optParamsGet2['format'] = 'full';
        $single_message = $service->users_drafts->get('me', $draftId , $optParamsGet2);

        $inbox_draft[]['draftId'] = $draftId;
        $inbox_draft[]['draft'] = $single_message;
    }

    // --------------- Delete draft ---------------

    $draft_delete = $service->users_drafts->delete('me', 'DRAFT_ID' );
}

EDIT:

I have tried to revoke the permission and setup new credentials. The scope declared when initializing the service is:

https://mail.google.com/

that as stated in the documentation grant full access to the account.

But i am still getting the same error. The same exact error for the following requests:

Delete draft - Create draft - Create label - Delete message

THE QUESTION:

Why am i getting that error?
It has to do with same values store in a cache?
Or is related with permission of the API?

FrancescoMussi
  • 20,760
  • 39
  • 126
  • 178

2 Answers2

11

You need 'https://www.googleapis.com/auth/gmail.compose' to create a draft. So what happens if you 

$client->setScopes(array(
    'https://mail.google.com/',
    'https://www.googleapis.com/auth/gmail.compose'
));

or if you want to get more formal

define('SCOPES', implode(' ', array(
  Google_Service_Gmail::MAIL_GOOGLE_COM,
  Google_Service_Gmail::GMAIL_COMPOSE)
));

$client->setScopes(SCOPES)

or whatever the valid php might be (I haven't done php for a while).

Note that if you have a token already you might have to do some calisthenics to revoke it so you can reissue with the added permissions. That might mean deleting a file, perhaps named gmail.storage or, if you have access to the account login and make your way to https://security.google.com/settings/security/permissions the access permissions can be manually revoked.

This link might be relevant: https://developers.google.com/gmail/api/auth/scopes

And a meander through the source code might be enlightening.

You might be able to glean some insight from my battle with this same sort of thing under Python

Community
  • 1
  • 1
John Mee
  • 50,179
  • 34
  • 152
  • 186
  • 2
    Thank you! I have basically put together the two answers. Revoke and re-enabling the api was not enough. But i have created a brand new account, and in the file quickstart.php I have replaced Google_Service_Gmail::GMAIL_READONLY with Google_Service_Gmail::MAIL_GOOGLE_COM, Google_Service_Gmail::GMAIL_COMPOSE. As well as setting the scopes 'https://mail.google.com/', 'https://www.googleapis.com/auth/gmail.compose' when initializing the api in my app. Now is working fine. – FrancescoMussi Jun 09 '15 at 11:17
2

You need https://mail.google.com/ as your scope to be able to delete mail.

Tholle
  • 108,070
  • 19
  • 198
  • 189
  • Thanks for replying! I have tried that scope alone, and in conjunction with the previous scope, but still i am getting the same error – FrancescoMussi Jun 05 '15 at 08:59
  • Must be that caching problem you are talking about. Shoot! On another note, I think you are better off just creating the client once when your application is started, and pass around your $service variable to your functions instead. Go and revoke the access of your app (https://security.google.com/settings/security/permissions) and try again :) – Tholle Jun 05 '15 at 09:25
  • But the scope change depending on the request no? Or can i use https://mail.google.com/ for all the requests? – FrancescoMussi Jun 05 '15 at 10:06
  • Please Tholle i need help! I revoke the permission from that page. I have tried again to activate the app creating new client ID, new key, and download the new client_secret.json and following the instuctions: https://developers.google.com/gmail/api/quickstart/php but when i run quickstart.php i get the error: Token has been revoked. From that page doesn't show the Gmail API anymore. how can i grant again permission? – FrancescoMussi Jun 05 '15 at 10:55
  • Ok i had to delete the file gmail-api-quickstart.json from the .credentials folder in my users folder. Now i am setting up again the API properly and will try again to make the request – FrancescoMussi Jun 05 '15 at 11:07
  • You should only use the access token on requests. The other information is just for when you ask the user for permission. – Tholle Jun 05 '15 at 11:08
  • Ok i have set up the API from the beginning. But i am getting the same error. Despite the fact that i am declaring only the scope that you suggest. Maybe there is a way to clean the cache of the API? – FrancescoMussi Jun 05 '15 at 11:15
  • 1
    I don't know, I' sorry :( Hopefully someone else can chime in. – Tholle Jun 05 '15 at 12:20
  • @Tholle Can you suggest resources for learning about "scopes"? Thank you. – Sabuncu Mar 31 '16 at 17:26