Search code examples
phpemailgoogle-apigmailgmail-api

Gmail API: Insufficient Permission

THE SITUATION:

I am testing the Gmail API for my app.

I have tested some requests and they are working fine. For example get messages, get user history, get draft list etc..

Basically all the read only requests are working fine.

I have instead some issues related with permission with other requests, for example when i have to write or delete a draft.

This is the error i get: 

(403) Insufficient Permission

THE CODE:

This is the function to initialize the app:

public function gmail_init_service()
{
    $client = new Google_Client();

    $client->setApplicationName("Gmail API test");
    $client->setDeveloperKey("MY_KEY");
    $client->setClientSecret('MY_CLIENT_SECRET');
    $client->SetClientId('MY_CLIENT_ID');
    $client->setScopes(array('https://mail.google.com/'));
    $client->setAccessToken('{"access_token":"MY_ACCESS_TOKEN","token_type":"Bearer","expires_in":3600,"refresh_token":"MY_REFRESH_TOKEN","created":1433502343}');

    $service = new Google_Service_Gmail($client);

    return $service;
}

This is the request to delete one draft:

public function gmail_delete_draft()
{
    $service = $this->gmail_init_service();

    // --------------- Get draft list --------------

    $list = $service->users_drafts->listUsersDrafts('me');
    $draftList = $list->getDrafts();

    // --------------- Get draft IDs ---------------

    $inbox_draft = [];

    foreach($draftList as $mlist)
    {
        $draftId = $mlist->id;
        $optParamsGet2['format'] = 'full';
        $single_message = $service->users_drafts->get('me', $draftId , $optParamsGet2);

        $inbox_draft[]['draftId'] = $draftId;
        $inbox_draft[]['draft'] = $single_message;
    }

    // --------------- Delete draft ---------------

    $draft_delete = $service->users_drafts->delete('me', 'DRAFT_ID' );
}

EDIT:

I have tried to revoke the permission and setup new credentials. The scope declared when initializing the service is:

https://mail.google.com/

that as stated in the documentation grant full access to the account.

But i am still getting the same error. The same exact error for the following requests:

Delete draft - Create draft - Create label - Delete message

THE QUESTION:

Why am i getting that error?
It has to do with same values store in a cache?
Or is related with permission of the API?

Solution

  • You need 'https://www.googleapis.com/auth/gmail.compose' to create a draft. So what happens if you 

    $client->setScopes(array(
    'https://mail.google.com/',
    'https://www.googleapis.com/auth/gmail.compose'
));

    or if you want to get more formal

    define('SCOPES', implode(' ', array(
  Google_Service_Gmail::MAIL_GOOGLE_COM,
  Google_Service_Gmail::GMAIL_COMPOSE)
));

$client->setScopes(SCOPES)

    or whatever the valid php might be (I haven't done php for a while).

    Note that if you have a token already you might have to do some calisthenics to revoke it so you can reissue with the added permissions. That might mean deleting a file, perhaps named gmail.storage or, if you have access to the account login and make your way to https://security.google.com/settings/security/permissions the access permissions can be manually revoked.

    This link might be relevant: https://developers.google.com/gmail/api/auth/scopes

    And a meander through the source code might be enlightening.

    You might be able to glean some insight from my battle with this same sort of thing under Python