Search code examples
pythongoogle-oauthgoogle-classroomscopes

Gsuite Classroom Api failing to add students and teachers

I am implementing google's classroom api withing my domain. As suggested by the documentation I am creating a course. I have created a service account and assigned the necessary scopes for that account and I use an admin account as a delegated account. The document states that admins can directly create courses and I my course creation system is working. It also says that admins can directly add teachers and students. When I try to add students or teachers to a course it throws an error Request had insufficient authentication scopes but I have the correct classroom scope from this link. Am I missing something? Any suggestion would be kindly appreciated.

service_credentials = ServiceAccountCredentials.from_p12_keyfile('aServiceAccount.iam.gserviceaccount.com', 
'*.p12', 'notasecret',
scopes=['https://www.googleapis.com/auth/admin.directory.user',
'https://www.googleapis.com/auth/classroom.courses', 
'https://www.googleapis.com/auth/calendar'])
credentials = service_credentials.create_delegated(
            'anAdmin@domain')
class_service = build('classroom', 'v1',
                              credentials=credentials)
directory_service = build('admin', 'directory_v1',
                                  credentials=credentials)
calendar_service = build('calendar', 'v3',
                                 credentials=credentials)
course = {
            'name': 'This is dummy course',
            'section': 'dummy section',
            'descriptionHeading': 'Dummy course',
            'courseState': 'ACTIVE',
            'ownerId': 'anAdmin@domain' # also in the teachers group
        }
response = class_service.courses().create(body=course).execute()
course_id = response.get('id')
course_code = response.get('enrollmentCode')
teacher = {'userId': 'anotherUserFromTeachersGroup@domain'}
class_service.courses().teachers().create(courseId=course_id,body=teacher).execute()
        # error : Request had insufficient authentication scopes
student = {'userId': 'user@domain'}
class_service.courses().students().create(
            courseId=course_id, enrollmentCode=course_code, body=student).execute()
        # error : Request had insufficient authentication scopes
Solution

  • you must make sure that https://www.googleapis.com/auth/classroom.rosters this scope is present in your domain-wide-delegation and in your request scope. Link