php - OAuth2 token, message: '{ "error" : "access_denied" }' returned when I try to update Google Calendar using OAuth (Service Account) -
i using google standard library php using calendar service , have set service account type oauth 2.0 authentication through google api console.
my main objective update user's google calendar (eg: user@organisationname.com) (when user not online) through batch. eg. updating event in users calendar.
when user logs in application (using oauth2.0) he/she provide permission application "manage calendars","view calendars" , "perform these operations when i'm not using application"
following code used login using oauth2.0
<?php require_once '../../src/google_client.php'; require_once '../../src/contrib/google_calendarservice.php'; session_start(); $client = new google_client(); $client->setapplicationname("google calendar php starter application"); $client->setclientid('xxxxx-flue2a9o5ll602ovrhaejlpm9otgjh1r.apps.googleusercontent.com'); $client->setclientsecret('xxxxxxxxxx'); $client->setredirecturi('http://localhost/testapi/google-api-php-client/examples/calendar/simple.php'); $client->setdeveloperkey('aizasycgvxrxgmo58zdswyb4zbkjgrmlchbriri'); $cal = new google_calendarservice($client); if (isset($_get['logout'])) { unset($_session['token']); } if (isset($_get['code'])) { $client->authenticate($_get['code']); $_session['code']=$_get['code']; $_session['token'] = $client->getaccesstoken(); header('location: http://' . $_server['http_host'] . $_server['php_self']); } if (isset($_session['token'])) { $client->setaccesstoken($_session['token']); } if ($client->getaccesstoken()) { $callist = $cal->calendarlist->listcalendarlist(); print "<h1>calendar list</h1><pre>" . print_r($callist, true) . "</pre>"; echo $_session['code']; $_session['token'] = $client->getaccesstoken(); } else { $authurl = $client->createauthurl(); print "<a class='login' href='$authurl'>connect me!</a>"; } ?> once permissions have save use these permissions in future when user not logged in?
following code works fine when user logged in. returns error refreshing oauth2 token, message: '{ "error" : "access_denied" }' when user logged out
<?php require_once '../src/google_client.php'; require_once '../src/contrib/google_calendarservice.php'; session_start(); const client_id = 'xxxxxx.apps.googleusercontent.com'; const service_account_name = 'xxxx@developer.gserviceaccount.com'; const key_file = 'f183b8caxxxxxxxxatekey.p12'; $client = new google_client(); $client->setapplicationname("xxxxxxxx calendar service"); if (isset($_session['token'])) { $client->setaccesstoken($_session['token']); } $key = file_get_contents(key_file); $client->setclientid(client_id); $client->setassertioncredentials(new google_assertioncredentials( service_account_name, array('https://www.googleapis.com/auth/calendar'), $key, 'notasecret', 'http://oauth.net/grant_type/jwt/1.0/bearer', '363183053@developer.gserviceaccount.com') ); $client->setclientid(client_id); $cal = new google_calendarservice($client); try{ $cal->events->quickadd("info@organisationname.com", "service test "); }catch(exception $e){ print_r($e->getmessage()); } // we're not done yet. remember update cached access token. // remember replace $_session real database or memcached. if ($client->getaccesstoken()) { echo $_session['token'] = $client->getaccesstoken(); } what should in order update calendar when user not logged in (provided user has given permission). should save access code when user logged in , use later when want run batch?
btw association handle?
you getting error because of scopes not mentioned properly. in google oauth 2.0 scope defined :
indicates google api access application requesting. values passed in parameter inform consent page shown user. there inverse relationship between number of permissions requested , likelihood of obtaining user consent.
space delimited set of permissions application requests
to resolve issue have first change scope parameters
include calender scope in it
then access token , try change things
then changes accordingly requirements , steps provided in api documentation
Comments
Post a Comment