Re-seller API - insufficient permissions
I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.
Where am I currently:
- Can create a google client object
- Can check if a customer already exists with that domain
- Can create a customer object
Guide:
https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end- https://developers.google.com/admin-sdk/reseller/v1/quickstart/php
Error Code:
Uncaught Google_Service_Exception:
{"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
Permission"]
I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.
Current Scope:
function get_client()
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
$client = new Google_Client();
$client->setApplicationName('test');
$client->setScopes($OAUTH2_SCOPES);
$client->setAuthConfig(__DIR__ . '/credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'token.json';
if(file_exists($tokenPath))
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
// If there is no previous token or it's expired.
if($client->isAccessTokenExpired())
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken())
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
else
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:n%sn", $authUrl);
print 'Enter verification code: ';
$authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if(array_key_exists('error', $accessToken))
throw new Exception(join(', ', $accessToken));
// Save the token to a file.
if (!file_exists(dirname($tokenPath)))
mkdir(dirname($tokenPath), 0700, true);
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
return $client;
php google-admin-sdk gsuite google-reseller-api
edited Nov 15 '18 at 5:07
jess
1,076110
asked Nov 14 '18 at 15:03
MacMac
12
add a comment |
I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.
Where am I currently:
- Can create a google client object
- Can check if a customer already exists with that domain
- Can create a customer object
Guide:
https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end- https://developers.google.com/admin-sdk/reseller/v1/quickstart/php
Error Code:
Uncaught Google_Service_Exception:
{"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
Permission"]
I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.
Current Scope:
function get_client()
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
$client = new Google_Client();
$client->setApplicationName('test');
$client->setScopes($OAUTH2_SCOPES);
$client->setAuthConfig(__DIR__ . '/credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'token.json';
if(file_exists($tokenPath))
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
// If there is no previous token or it's expired.
if($client->isAccessTokenExpired())
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken())
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
else
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:n%sn", $authUrl);
print 'Enter verification code: ';
$authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if(array_key_exists('error', $accessToken))
throw new Exception(join(', ', $accessToken));
// Save the token to a file.
if (!file_exists(dirname($tokenPath)))
mkdir(dirname($tokenPath), 0700, true);
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
return $client;
php google-admin-sdk gsuite google-reseller-api
edited Nov 15 '18 at 5:07
jess
1,076110
asked Nov 14 '18 at 15:03
MacMac
12
add a comment |
I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.
Where am I currently:
- Can create a google client object
- Can check if a customer already exists with that domain
- Can create a customer object
Guide:
https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end- https://developers.google.com/admin-sdk/reseller/v1/quickstart/php
Error Code:
Uncaught Google_Service_Exception:
{"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
Permission"]
I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.
Current Scope:
function get_client()
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
$client = new Google_Client();
$client->setApplicationName('test');
$client->setScopes($OAUTH2_SCOPES);
$client->setAuthConfig(__DIR__ . '/credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'token.json';
if(file_exists($tokenPath))
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
// If there is no previous token or it's expired.
if($client->isAccessTokenExpired())
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken())
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
else
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:n%sn", $authUrl);
print 'Enter verification code: ';
$authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if(array_key_exists('error', $accessToken))
throw new Exception(join(', ', $accessToken));
// Save the token to a file.
if (!file_exists(dirname($tokenPath)))
mkdir(dirname($tokenPath), 0700, true);
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
return $client;
php google-admin-sdk gsuite google-reseller-api
edited Nov 15 '18 at 5:07
jess
1,076110
asked Nov 14 '18 at 15:03
MacMac
12
I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.
Where am I currently:
- Can create a google client object
- Can check if a customer already exists with that domain
- Can create a customer object
Guide:
https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end- https://developers.google.com/admin-sdk/reseller/v1/quickstart/php
Error Code:
Uncaught Google_Service_Exception:
{"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
Permission"]
I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.
Current Scope:
function get_client()
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
$client = new Google_Client();
$client->setApplicationName('test');
$client->setScopes($OAUTH2_SCOPES);
$client->setAuthConfig(__DIR__ . '/credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'token.json';
if(file_exists($tokenPath))
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
// If there is no previous token or it's expired.
if($client->isAccessTokenExpired())
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken())
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
else
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:n%sn", $authUrl);
print 'Enter verification code: ';
$authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if(array_key_exists('error', $accessToken))
throw new Exception(join(', ', $accessToken));
// Save the token to a file.
if (!file_exists(dirname($tokenPath)))
mkdir(dirname($tokenPath), 0700, true);
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
return $client;
php google-admin-sdk gsuite google-reseller-api
php google-admin-sdk gsuite google-reseller-api
edited Nov 15 '18 at 5:07
jess
1,076110
asked Nov 14 '18 at 15:03
MacMac
12
edited Nov 15 '18 at 5:07
jess
1,076110
asked Nov 14 '18 at 15:03
MacMac
12
edited Nov 15 '18 at 5:07
jess
1,076110
edited Nov 15 '18 at 5:07
jess
1,076110
edited Nov 15 '18 at 5:07
jess
1,076110
1,076110
asked Nov 14 '18 at 15:03
MacMac
12
asked Nov 14 '18 at 15:03
MacMac
12
asked Nov 14 '18 at 15:03
MacMac
12
12
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I manage to figure out the solution myself.
The problem:
insufficient Permissions
The Solution:
The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)
answered Nov 15 '18 at 9:30
MacMac
12
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53303173%2fre-seller-api-insufficient-permissions%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I manage to figure out the solution myself.
The problem:
insufficient Permissions
The Solution:
The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)
answered Nov 15 '18 at 9:30
MacMac
12
add a comment |
I manage to figure out the solution myself.
The problem:
insufficient Permissions
The Solution:
The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)
answered Nov 15 '18 at 9:30
MacMac
12
add a comment |
I manage to figure out the solution myself.
The problem:
insufficient Permissions
The Solution:
The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)
answered Nov 15 '18 at 9:30
MacMac
12
I manage to figure out the solution myself.
The problem:
insufficient Permissions
The Solution:
The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)
answered Nov 15 '18 at 9:30
MacMac
12
answered Nov 15 '18 at 9:30
MacMac
12
answered Nov 15 '18 at 9:30
MacMac
12
answered Nov 15 '18 at 9:30
MacMac
12
12
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53303173%2fre-seller-api-insufficient-permissions%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
