Search code examples
google-api-php-clientandroid-management-api

Request has insufficient authentication

I'm setting up the Android Management API with the Google API PHP Client but I figured that my authentication config I provided to the client has no impact when I'm sending a request.

I tested if the credentials file exists and if syntax errors inside the file are handled. I followed the error message link. I've searched the web several times, reached out to the documentation and the php doc inside the library but I couldn't figure it out.

$client = new \Google_Client();
$client->setApplicationName('SecretName');
$client->setAuthConfig(x::getRootDir() . '/modules/package-androidmanagement/credentials2.json');
$client->addScope(Google_Service_AndroidManagement::ANDROIDMANAGEMENT);
$am = new \Google_Service_AndroidManagement($client);

try {
 $signupUrl = $am->signupUrls->create(['projectId' => $this->projectId, 'callbackUrl' => x::getDomain()]);
} catch (Exception $exception) {
 echo $exception->getMessage();
}

Expected: signupUrl Object Actual: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.

Solution

  • Before you are able to generate any organization signup urls (or perform any api calls) you need to authenticate yourself.

    You can do this by setting a redirect URL, and directing the user to the signup URL.

    $client->setRedirectUri('https://example.com/register');
$authUrl = $client->createAuthUrl();

    This requires a complete setup of the oauth flow though. Meaning that your oauth consent screen has been verified by google (may take up to several weeks) and you have set up your various allowed domains for redirect urls.

    If you are still in the development phase, you can take the oauth consent screen provided by the quickstart notebook by google:

    # This is a public OAuth config, you can use it to run this guide but please use
# different credentials when building your own solution.
CLIENT_CONFIG = {
    'installed': {
        'client_id':'882252295571-uvkkfelq073vq73bbq9cmr0rn8bt80ee.apps.googleusercontent.com',
        'client_secret': 'S2QcoBe0jxNLUoqnpeksCLxI',
        'auth_uri':'https://accounts.google.com/o/oauth2/auth',
        'token_uri':'https://accounts.google.com/o/oauth2/token'
    }
}
SCOPES = ['https://www.googleapis.com/auth/androidmanagement']

    Use this to replace the data in your oauth json config.

    By not setting a redirect uri, it should provide you with the code which then can be manually entered.