I have some code which is to do an API call to get my business reviews, this all works fine on my local development machine to get the initial Auth, however, when I move that exact same code (inc api ids and secrets) to the live website on Azure, I get an “access is denied” exception.

I’ve specified the localhost and live domains in the API credentials “Authorised redirect URIs” values that I’m using in the google API, but when I move the code to the live server and run the below code I get the error:

Exception Details: System.Net.HttpListenerException: Access is denied

string clientId = "MY_CLIENT_ID";
            string clientSecret = "MY_CLIENT_SECRET";
            //Location ID: credentials might have multiple locations - pick the right one.

            string accountId = "MY_ACCOUNT_ID";

            string[] scopes = new string[] { "https://www.googleapis.com/auth/business.manage" };

            var userCredential = GoogleWebAuthorizationBroker.AuthorizeAsync(
                new ClientSecrets
                {
                    ClientId = clientId,
                    ClientSecret = clientSecret,
                },
                 scopes,
                 "user",
                 System.Threading.CancellationToken.None).Result;

I’m clearly missing something. I don’t get any tokens on my local dev as I am assuming the id and keys do this for me – in fact I had a load of issues getting it working on my local development machine, and then it suddenly it started to work after playing the the oauth 2.0 playground – but I’m not sure what I did if that was indeed what solved it. So I think this is a lack of knowledge here and need some insight into the flow – I find the Google documentation really hard to follow. Could it be that I did something on my local machine to allow access to the API from that (my machine) server? If so, how might I replicate this automatically on the live server?…..that might also be a completely wrong line of thought.

Has anyone seen this exception and able to advise on what I’m missing, and explain why it might be working locally, but not on the live domain if my suspicion about tokens is wrong?

I’ve been trying to do this for weeks and it surely shouldn’t be this hard!

Thanks in advance for any suggestions/advice.