Re-seller API - insufficient permissions










0















I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.



Where am I currently:



  • Can create a google client object

  • Can check if a customer already exists with that domain

  • Can create a customer object

Guide:




  • https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end

  • https://developers.google.com/admin-sdk/reseller/v1/quickstart/php

Error Code:




Uncaught Google_Service_Exception:
{"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
Permission"]




I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.



Current Scope:



function get_client()

$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];

$client = new Google_Client();
$client->setApplicationName('test');
$client->setScopes($OAUTH2_SCOPES);
$client->setAuthConfig(__DIR__ . '/credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');

// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'token.json';
if(file_exists($tokenPath))

$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);


// If there is no previous token or it's expired.
if($client->isAccessTokenExpired())

// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken())

$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());

else

// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:n%sn", $authUrl);
print 'Enter verification code: ';
$authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);

// Check to see if there was an error.
if(array_key_exists('error', $accessToken))

throw new Exception(join(', ', $accessToken));


// Save the token to a file.
if (!file_exists(dirname($tokenPath)))

mkdir(dirname($tokenPath), 0700, true);

file_put_contents($tokenPath, json_encode($client->getAccessToken()));


return $client;










share|improve this question




























    0















    I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.



    Where am I currently:



    • Can create a google client object

    • Can check if a customer already exists with that domain

    • Can create a customer object

    Guide:




    • https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end

    • https://developers.google.com/admin-sdk/reseller/v1/quickstart/php

    Error Code:




    Uncaught Google_Service_Exception:
    {"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
    Permission"]




    I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.



    Current Scope:



    function get_client()

    $OAUTH2_SCOPES = [
    Google_Service_Reseller::APPS_ORDER,
    Google_Service_SiteVerification::SITEVERIFICATION,
    Google_Service_Directory::ADMIN_DIRECTORY_USER,
    ];

    $client = new Google_Client();
    $client->setApplicationName('test');
    $client->setScopes($OAUTH2_SCOPES);
    $client->setAuthConfig(__DIR__ . '/credentials.json');
    $client->setAccessType('offline');
    $client->setPrompt('select_account consent');

    // Load previously authorized token from a file, if it exists.
    // The file token.json stores the user's access and refresh tokens, and is
    // created automatically when the authorization flow completes for the first
    // time.
    $tokenPath = 'token.json';
    if(file_exists($tokenPath))

    $accessToken = json_decode(file_get_contents($tokenPath), true);
    $client->setAccessToken($accessToken);


    // If there is no previous token or it's expired.
    if($client->isAccessTokenExpired())

    // Refresh the token if possible, else fetch a new one.
    if ($client->getRefreshToken())

    $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());

    else

    // Request authorization from the user.
    $authUrl = $client->createAuthUrl();
    printf("Open the following link in your browser:n%sn", $authUrl);
    print 'Enter verification code: ';
    $authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

    // Exchange authorization code for an access token.
    $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
    $client->setAccessToken($accessToken);

    // Check to see if there was an error.
    if(array_key_exists('error', $accessToken))

    throw new Exception(join(', ', $accessToken));


    // Save the token to a file.
    if (!file_exists(dirname($tokenPath)))

    mkdir(dirname($tokenPath), 0700, true);

    file_put_contents($tokenPath, json_encode($client->getAccessToken()));


    return $client;










    share|improve this question


























      0












      0








      0








      I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.



      Where am I currently:



      • Can create a google client object

      • Can check if a customer already exists with that domain

      • Can create a customer object

      Guide:




      • https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end

      • https://developers.google.com/admin-sdk/reseller/v1/quickstart/php

      Error Code:




      Uncaught Google_Service_Exception:
      {"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
      Permission"]




      I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.



      Current Scope:



      function get_client()

      $OAUTH2_SCOPES = [
      Google_Service_Reseller::APPS_ORDER,
      Google_Service_SiteVerification::SITEVERIFICATION,
      Google_Service_Directory::ADMIN_DIRECTORY_USER,
      ];

      $client = new Google_Client();
      $client->setApplicationName('test');
      $client->setScopes($OAUTH2_SCOPES);
      $client->setAuthConfig(__DIR__ . '/credentials.json');
      $client->setAccessType('offline');
      $client->setPrompt('select_account consent');

      // Load previously authorized token from a file, if it exists.
      // The file token.json stores the user's access and refresh tokens, and is
      // created automatically when the authorization flow completes for the first
      // time.
      $tokenPath = 'token.json';
      if(file_exists($tokenPath))

      $accessToken = json_decode(file_get_contents($tokenPath), true);
      $client->setAccessToken($accessToken);


      // If there is no previous token or it's expired.
      if($client->isAccessTokenExpired())

      // Refresh the token if possible, else fetch a new one.
      if ($client->getRefreshToken())

      $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());

      else

      // Request authorization from the user.
      $authUrl = $client->createAuthUrl();
      printf("Open the following link in your browser:n%sn", $authUrl);
      print 'Enter verification code: ';
      $authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

      // Exchange authorization code for an access token.
      $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
      $client->setAccessToken($accessToken);

      // Check to see if there was an error.
      if(array_key_exists('error', $accessToken))

      throw new Exception(join(', ', $accessToken));


      // Save the token to a file.
      if (!file_exists(dirname($tokenPath)))

      mkdir(dirname($tokenPath), 0700, true);

      file_put_contents($tokenPath, json_encode($client->getAccessToken()));


      return $client;










      share|improve this question
















      I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.



      Where am I currently:



      • Can create a google client object

      • Can check if a customer already exists with that domain

      • Can create a customer object

      Guide:




      • https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end

      • https://developers.google.com/admin-sdk/reseller/v1/quickstart/php

      Error Code:




      Uncaught Google_Service_Exception:
      {"error":{"errors":["domain":"global","reason":"insufficientPermissions","message":"Insufficient
      Permission"]




      I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.



      Current Scope:



      function get_client()

      $OAUTH2_SCOPES = [
      Google_Service_Reseller::APPS_ORDER,
      Google_Service_SiteVerification::SITEVERIFICATION,
      Google_Service_Directory::ADMIN_DIRECTORY_USER,
      ];

      $client = new Google_Client();
      $client->setApplicationName('test');
      $client->setScopes($OAUTH2_SCOPES);
      $client->setAuthConfig(__DIR__ . '/credentials.json');
      $client->setAccessType('offline');
      $client->setPrompt('select_account consent');

      // Load previously authorized token from a file, if it exists.
      // The file token.json stores the user's access and refresh tokens, and is
      // created automatically when the authorization flow completes for the first
      // time.
      $tokenPath = 'token.json';
      if(file_exists($tokenPath))

      $accessToken = json_decode(file_get_contents($tokenPath), true);
      $client->setAccessToken($accessToken);


      // If there is no previous token or it's expired.
      if($client->isAccessTokenExpired())

      // Refresh the token if possible, else fetch a new one.
      if ($client->getRefreshToken())

      $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());

      else

      // Request authorization from the user.
      $authUrl = $client->createAuthUrl();
      printf("Open the following link in your browser:n%sn", $authUrl);
      print 'Enter verification code: ';
      $authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

      // Exchange authorization code for an access token.
      $accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
      $client->setAccessToken($accessToken);

      // Check to see if there was an error.
      if(array_key_exists('error', $accessToken))

      throw new Exception(join(', ', $accessToken));


      // Save the token to a file.
      if (!file_exists(dirname($tokenPath)))

      mkdir(dirname($tokenPath), 0700, true);

      file_put_contents($tokenPath, json_encode($client->getAccessToken()));


      return $client;







      php google-admin-sdk gsuite google-reseller-api






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 15 '18 at 5:07









      jess

      1,076110




      1,076110










      asked Nov 14 '18 at 15:03









      MacMac

      12




      12






















          1 Answer
          1






          active

          oldest

          votes


















          0














          I manage to figure out the solution myself.



          The problem:

          insufficient Permissions



          The Solution:

          The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)






          share|improve this answer






















            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            );
            );
            , "code-snippets");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "1"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53303173%2fre-seller-api-insufficient-permissions%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            I manage to figure out the solution myself.



            The problem:

            insufficient Permissions



            The Solution:

            The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)






            share|improve this answer



























              0














              I manage to figure out the solution myself.



              The problem:

              insufficient Permissions



              The Solution:

              The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)






              share|improve this answer

























                0












                0








                0







                I manage to figure out the solution myself.



                The problem:

                insufficient Permissions



                The Solution:

                The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)






                share|improve this answer













                I manage to figure out the solution myself.



                The problem:

                insufficient Permissions



                The Solution:

                The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 15 '18 at 9:30









                MacMac

                12




                12





























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53303173%2fre-seller-api-insufficient-permissions%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    這個網誌中的熱門文章

                    How to read a connectionString WITH PROVIDER in .NET Core?

                    Node.js Script on GitHub Pages or Amazon S3

                    Museum of Modern and Contemporary Art of Trento and Rovereto