
"Insufficient Permission: Request had insufficient authentication scopes" even with most general scope


I'm trying to download a spreadsheet from my google drive. I'm following this reference and having problems with permission. I've started with https://www.googleapis.com/auth/drive.file and got this

"Insufficient Permission: Request had insufficient authentication scopes."

Reading through the permission documentation one reads the following for https://www.googleapis.com/auth/drive.

Full, permissive scope to access all of a user's files, excluding the Application Data folder.

but even using this scope I still got the same error message.

My code is this


import io
import pickle
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from googleapiclient.http import MediaIoBaseDownload

file_id = "FILE ID"

# If modifying these scopes, delete the file token.pickle.
SCOPES = ['https://www.googleapis.com/auth/drive']

with open('token.pickle', 'rb') as token:
   creds = pickle.load(token)

service = build('drive', 'v3', credentials=creds)

request = service.files().export_media(fileId=file_id, mimeType='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')

fh = io.BytesIO()
downloader = MediaIoBaseDownload(fh, request)
done = False
while done is False:
   status, done = downloader.next_chunk()
   print("Download %d%%." % int(status.progress() * 100))


Solution

  • "Insufficient Permission: Request had insufficient authentication scopes."

    This means that the login credentials you are currently using do not contain a scope sufficient to use the method you are currently calling.

    It appears that your code is using the scope https://www.googleapis.com/auth/drive, which would be sufficient to use Files.export.

    What I suspect has happened is that you authenticated your user, logged them in and granted access to a different scope, probably read only, then changed your code to include the higher-level scope and forgot to require that your code re-authenticate your user, so the authorization you are currently running with will not work.

    You need to authenticate your code using this new scope.
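
One way to catch the stale-token case the answer describes, as an added example that is not part of the original question or answer: compare the scopes stored on the cached credentials with the scopes the code now requests, and run the consent flow again when they fall short. The names `missing_scopes`, `get_credentials` and the `credentials.json` client-secrets path are assumptions made for this example.

```python
import os
import pickle

DRIVE_FULL = "https://www.googleapis.com/auth/drive"
DRIVE_READONLY = "https://www.googleapis.com/auth/drive.readonly"


def missing_scopes(granted, required):
    """Return the required scopes that the cached grant does not list.

    Scopes are compared as exact strings, so a cached broader scope does not
    count as covering a narrower one; that only costs an extra consent prompt.
    """
    return sorted(set(required) - set(granted or ()))


def get_credentials(required, token_path="token.pickle",
                    secrets_path="credentials.json"):
    """Load cached credentials, re-running consent if their scopes fall short."""
    creds = None
    if os.path.exists(token_path):
        # Only unpickle a token file this program wrote itself; unpickling
        # can execute code embedded in the file.
        with open(token_path, "rb") as fh:
            creds = pickle.load(fh)
    if creds is None or missing_scopes(getattr(creds, "scopes", None), required):
        # Imported here so the scope check works without the library installed.
        from google_auth_oauthlib.flow import InstalledAppFlow
        flow = InstalledAppFlow.from_client_secrets_file(secrets_path, required)
        creds = flow.run_local_server(port=0)  # opens the browser consent page
        with open(token_path, "wb") as fh:
            pickle.dump(creds, fh)
    return creds


if __name__ == "__main__":
    # Constructed sample: token cached under read-only, code now asks for full.
    print(missing_scopes([DRIVE_READONLY], [DRIVE_FULL]))
```

Passing the result of `get_credentials(SCOPES)` to `build('drive', 'v3', credentials=creds)` replaces the unconditional `pickle.load` in the question, so changing `SCOPES` no longer depends on remembering to delete `token.pickle`.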