Google Calendar API error Request had insufficient authentication scopes

Question

I'm trying to change the color of a Google calendar event with PHP. The code I'm using is this:

if(version_compare(PHP_VERSION, '7.2.0', '>=')) {
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
}

require_once __DIR__.'/vendor/autoload.php';

$hostname = 'localhost';
$username = 'root';
$password = '';
$database = 'pacientes';

try {
    $conex = new PDO("mysql:host=$hostname;dbname=$database;charset=utf8", $username, $password,
    array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));

}
catch(PDOException $e){
    echo $e->getMessage();
}   


session_start();

$client = new Google_Client();
$client->setAuthConfig('client_secrets.json');
$client->addScope(Google_Service_Calendar::CALENDAR_READONLY);
$client->addScope("https://www.googleapis.com/auth/calendar.events");
$client->addScope("https://www.googleapis.com/auth/calendar");

if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
  $client->setAccessToken($_SESSION['access_token']);
  
$data = date("Y-m-d");
$date = date("Y-m-d", strtotime('+7 days', time()));

$status = "3";
$dados = $conex->prepare('SELECT * FROM pacientes WHERE status = ? LIMIT 1');
$dados->bindParam(1, $status);
    
     $dados->execute();
    if ($dados->rowCount() > 0) {
        
foreach($dados->fetchAll(PDO::FETCH_OBJ) as $key => $linha) {
$optParams = "".$linha->ide."";




 
  
  
  $service = new Google_Service_Calendar($client);
  $event = $service->events->get('primary', $optParams);
  


   
$event->setColorID('4');

$updatedEvent = $service->events->update('primary', $optParams, $event);

// Print the updated date.
echo $updatedEvent->getUpdated();
  
     
    
    

    

    
  }

         }
    

} else {
  $redirect_uri = 'http://' . $_SERVER['HTTP_HOST'] . '/oauth2callback.php';
  header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}

But when I run the code, I get the error:

Fatal error: Uncaught Google_Service_Exception: { "error": { "code": 403, "message": "Request had insufficient authentication scopes.", "errors": [ { "message": "Insufficient Permission", "domain": "global", "reason": "insufficientPermissions" } ], "status": "PERMISSION_DENIED" } } in C:\xampp\htdocs\google\calendar\vendor\google\apiclient\src\Google\Http\REST.php:118 Stack trace: #0 C:\xampp\htdocs\google\calendar\vendor\google\apiclient\src\Google\Http\REST.php(94): Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response), Object(GuzzleHttp\Psr7\Request), 'Google\Service\...') #1 C:\xampp\htdocs\google\calendar\vendor\google\apiclient\src\Google\Task\Runner.php(181): Google_Http_REST::doExecute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google\Service\...') #2 C:\xampp\htdocs\google\calendar\vendor\google\apiclient\src\Google\Http\REST.php(58): Google_Task_Runner->run() #3 C:\xampp\htdocs\google\calendar\vendor\google\apiclie in C:\xampp\htdocs\google\calendar\vendor\google\apiclient\src\Google\Http\REST.php on line 118

I recreated authorizations in Google Cloud Platform, made sure to grant authorization to edit events (/auth/calendar.events), but still the error persists.

Anyone have any suggestions?

Thanks

Answer 1

You appear to be trying to use the Events: update this method requires authorization with one of the following scopes

Now if we check your code we can see the following

$client->addScope(Google_Service_Calendar::CALENDAR_READONLY);
$client->addScope("https://www.googleapis.com/auth/calendar.events");
$client->addScope("https://www.googleapis.com/auth/calendar");

the way you have added the last two as just the pure HTTPS scope name rather then the internal scope names supplied by the php client library. Implies to me that you ran your code once with the CALENDAR_READONLY and it didn't work and you checked the documentation and realized that you needed the higher level scope denoted in the documentation. Which is great and perfect. However when you ran your code again you didn't reset the authorization so its still running with the authorization from your first run with CALENDAR_READONLY

So the solution is to force your application to authorize again. The easiest way to do that is to go into your Google account and reset the third party consent and remove it for your app Manage third-party apps & services with access to your account alternately removing's the cookies in your browser might also work. you need to clear $_SESSION['access_token']. Although you are not using offline access so you could probably just wait for the access token to expire in an hour.

What you want is for the consent screen to popup again and request permission to access your account you should see the two new scopes on the screen now.