n8ndot
April 24, 2024, 7:55pm
1
When I create an HTTP REQUEST using the predefined authentication of Google Workspace Admin OAuth2 API, shortly after, a box appears informing me about 4 available scopes.
It turns out that none of the listed scopes is what I need for my action. Even after enabling the scope in my application on Google Cloud, the list doesn’t change, and I can’t complete my request.
Not a error:
Forbidden - perhaps check your credentials?
{ "error": { "code": 403, "message": "Request had insufficient authentication scopes.", "errors": [ { "message": "Insufficient Permission", "domain": "global", "reason": "insufficientPermissions" } ], "status": "PERMISSION_DENIED", "details": [ { "@type": "type.googleapis.com/google.rpc.ErrorInfo", "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT", "domain": "googleapis.com", "metadata": { "service": "admin.googleapis.com", "method": "ccc.hosted.frontend.directory.v1.DirectoryVerificationCodes.List" } } ] } }
n8n version: Version 1.36.4Database (default: SQLite): n8n EXECUTIONS_PROCESS setting (default: own, main): Running n8n via (Docker, npm, n8n cloud, desktop app): N8N CloudOperating system:
barn4k
April 24, 2024, 8:17pm
2
hello @n8ndot google API page , not from n8n as the information may be old.
For that action, you need the admin.directory.user.security scope
n8ndot
April 24, 2024, 8:22pm
3
@barn4k thanks for you reply,
If I go to my Google Cloud application, on the OAuth permissions screen, in the scope section, I already have the scope enabled, shouldn’t that be enough for the workflow to work?
barn4k
April 24, 2024, 8:44pm
4
Actually, yes, it should be fine. Do you have any audit logs related to the issue with permissions?
And check how the request looks in the dev console (f12 > console tab) when you are running the HTTP node. Maybe you will see the scopes).
Another issue may occur if n8n tries to send the request with the wrong scope, e.g. with admin.directory.user instead of admin.directory.user.security
barn4k
April 24, 2024, 8:54pm
5
Seems the n8n uses default scopes when connects to the workspace resources.
I’ve found the scope list and there are no user.security scope there - n8n/packages/nodes-base/credentials/GSuiteAdminOAuth2Api.credentials.ts at d9e74949c4db7282c3ab42bd6825aa5acc042400 · n8n-io/n8n · GitHub
So you can use the generic OAuth 2.0 credentials to specify the correct scope there.
@Jon Am I missing something?
1 Like
n8ndot
April 25, 2024, 11:44am
6
I thought about it, but I couldn’t set it up correctly, so I didn’t test it earlier.
The documentation is not clear, and I would like to ask a silly question, where do I find the authorization URL and access token URL information?
Is the Grant Type correctly?
What the doc says:
Thank you for your time.
barn4k
April 25, 2024, 7:21pm
7
Authorization url should be that one:https://accounts.google.com/o/oauth2/v2/auth
Access token url:https://oauth2.googleapis.com/token
Scope:https://www.googleapis.com/auth/admin.directory.user.security
I’ve found it in the docs
system
May 3, 2024, 2:13pm
8
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
