Menu
My app will publish, edit and delete events on users' Google Calendars. I am configuring OAuth to make this happen. The idea is that upon signup, the user will be able to go into their settings and give consent to connect my app to their Google Calendar. I will then be able to store the oauth token and refresh token in the database and use them to when I create/edit/delete events on the user's calendar.
Anyway, the issue is that I pick my account:
I then provide consent by clicking "Allow":
Here is where it gets weird: behind the scenes, the Google Calendar API reports a 403 Forbidden error.
%Ueberauth.Failure{errors: [%Ueberauth.Failure.Error{message: 403,
message_key: "OAuth2"}], provider: :google,
strategy: Ueberauth.Strategy.Google}
My ueberauth config:
config :ueberauth, Ueberauth,
providers: [
google: {Ueberauth.Strategy.Google, [default_scope: "https://www.googleapis.com/auth/calendar", approval_prompt: "force", access_type: "offline"]}
]
The request I'm making:
def callback(%{assigns: %{ueberauth_failure: fail}} = conn, _params) do
IO.inspect fail
conn
|> put_flash(:error, "Failed to authenticate.")
|> redirect(to: "/")
end
def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
IO.inspect auth
conn
|> put_flash(:success, "Connected to Google.")
|> redirect(to: "/")
end
The first callback function is the one that matches (since it fails).
However, when I go to my Google account, I can see that the app has been granted permission:
I am providing the correct client_id and client_secret. In addition, I have created a service account in the Google API Console and shared my calendar with that account:
What else do I need to do?
Edit: Some more info - I am able to grant access to all other Google modules via my code (which is boilerplate Ueberauth_Google). For example, if I make the request with email as the scope, it works and I get the auth_token from Google. Only Google Calendar gives 403, which leads me to believe there is something specific about it that is causing it.
Edit 2: I looked at the error handling section of the Google Calendar API, and none of the 403 errors listed there apply to me:
Edit 3: I created a brand new Google account and shared its calendar with my Google Service Account. That one gives the same error though.
696
"code": 403, "message": "The user does not have sufficient permissions for file {fileId}." To fix this error, instruct the user to contact the file's owner and request edit access. You can also check user access levels in the metadata retrieved by files.
In the Google Cloud console, go to Menu menu > APIs & Services > Credentials. Click Create Credentials > OAuth client ID. Click Application type > Desktop app. In the Name field, type a name for the credential.
Finally figured it out.
The https://www.googleapis.com/auth/calendar scope by itself was not sufficient. Also needed to add https://www.googleapis.com/auth/userinfo.profile to the scope.
97
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
