8

to check inapp purchase i have used this api https://androidpublisher.googleapis.com/androidpublisher/v3/applications/{packageName}/purchases/products/{productId}/tokens/{token} and got this response.

{
    "error": {
        "code": 403,
        "message": "Request had insufficient authentication scopes.",
        "errors": [
            {
                "message": "Insufficient Permission",
                "domain": "global",
                "reason": "insufficientPermissions"
            }
        ],
        "status": "PERMISSION_DENIED",
        "details": [
            {
                "@type": "type.googleapis.com/google.rpc.ErrorInfo",
                "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
                "domain": "googleapis.com",
                "metadata": {
                    "method": "androidpublisher.ProductPurchasesService.Get",
                    "service": "androidpublisher.googleapis.com"
                }
            }
        ]
    }
}
Mahmudul Hasan
  • 81
  • 1
  • 1
  • 2
  • Please edit your question and include your code – Linda Lawton - DaImTo Nov 24 '21 at 18:01
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Nov 30 '21 at 08:15
  • If you're running an application from a compute instance or GKE you may have a problem with the *scopes* of that *instance* (as distinct from the IAM roles assigned to the service account the application is run with). Hard to find a general documation page for it, but look at the `--scopes` arg for `gcloud compute instances create`. Documentation for a similar problem in secret manager is [here](https://cloud.google.com/secret-manager/docs/access-control). – modulus0 Oct 29 '22 at 20:59
  • 1
    You may just need to add `--scopes "https://www.googleapis.com/auth/cloud-platform"` (or whatever scope you're missing) – modulus0 Oct 29 '22 at 21:00

1 Answers1

13

By any chance, have you been invoking this from a GCE VM? If so, you might want to:

  1. Stop the VM

  2. Go to the GCE VM instances in the cloud console

  3. Click edit on the machine

  4. Go to scopes enter image description here

  5. Edit the scopes as desired (preferably adding the scope just to a particular API or if you are OK with it - to all APIs, depending on context and risk)

  6. Restart the machine and make the API call again

Some useful references can be found here and here.

Kiril
  • 199
  • 2
  • 10