I have developed a full-stack application using Java Spring Boot, which uses the Google Drive API v3 to handle files. The application is hosted on Google App Engine within the Google Cloud Platform (GCP) environment.
Issue:
The Google Drive API functions correctly when running the application locally (localhost). However, when the application is deployed and running on Google App Engine, it encounters a 403 error with the following message: “ACCESS_TOKEN_SCOPE_INSUFFICIENT” when trying to perform any action relating to the Drive API (eg- creating files etc).
Key Details:
The application is using a service account for authentication with Google Drive API. I have also programmatically set the necessary access scopes. Despite the correct configuration, the issue persists only when the application is hosted on Google App Engine.
App engine log:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
POST https://www.googleapis.com/upload/drive/v3/files?fields=id&uploadType=resumable
{
"code": 403,
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "google.apps.drive.v3.DriveFiles.Create",
"service": "drive.googleapis.com"
}
}
],
"errors": [
{
"domain": "global",
"message": "Insufficient Permission",
"reason": "insufficientPermissions"
}
],
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED"
}
Java code for initializing the drive service:
public static Drive initDriveService() throws IOException {
GoogleCredentials credentials = GoogleCredentials
.getApplicationDefault() //set to the service account
.createScoped(Collections.singleton(DriveScopes.DRIVE_FILE));
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(credentials);
return new Drive.Builder(new NetHttpTransport(),GsonFactory.getDefaultInstance(),requestInitializer).setApplicationName("Demo Application").build();
}
Any guidance would be greatly appreciated. Thank you!
Note of what I tried,
-
Ensured that the service account has appropriate permissions and access scopes.
-
Double-checked the access scopes programmatically set within the application.Tried directly adding the links
.createScoped(Arrays.asList("openid","https://www.googleapis.com/auth/userinfo.email","https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/ drive.file")); -
I tried to see similar questions but couldn’t find anything that solved this problem.
Vihanga Marasinghe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.