错误 403：向 Cloud PubSub 发送测试消息时出错：用户无权执行此操作

Question

I want to set up a push notification watch but I receive an error response.我想设置推送通知手表，但收到错误响应。 What authorization I need?我需要什么授权？

Request:请求：

// Google API
$client = getClient();

// POST request    
$ch = curl_init('https://www.googleapis.com/gmail/v1/users/me/watch');

curl_setopt_array($ch, array(
    CURLOPT_POST => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer ' . $client->getAccessToken()['access_token'],
        'Content-Type: application/json'
    ),
    CURLOPT_POSTFIELDS => json_encode(array(
        'topicName' => 'projects/xxxx/topics/xxxx',
        'labelIds' => ["INBOX"]
    ))
));

Response:回应：

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "forbidden",
    "message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
   }
  ],
  "code": 403,
  "message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
 }
}

More details:更多详情：

The scope used is GMAIL_READONLY .使用的范围是GMAIL_READONLY 。
The suscription and the topic exist and they were created in the same console.订阅和主题存在并且它们是在同一个控制台中创建的。
I tried to publish a new message from the console and it has worked.我尝试从控制台发布一条新消息，并且成功了。

Answer 1

From the page: https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic从页面： https : //developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic

Cloud Pub/Sub requires that you grant Gmail privileges to publish notifications to your topic. Cloud Pub/Sub 要求您授予 Gmail 权限以向您的主题发布通知。

To do this, you need to grant publish privileges to serviceAccount:gmail-api-push@system.gserviceaccount.com.为此，您需要向 serviceAccount:gmail-api-push@system.gserviceaccount.com 授予发布权限。 You can do this using the Cloud Pub/Sub Developer Console permissions interface following the resource-level access control instructions.您可以按照资源级访问控制说明使用 Cloud Pub/Sub 开发者控制台权限界面执行此操作。

(emphasis added) （强调）

Answer 2

You have to grant permission to topics.您必须授予主题权限。 Go to your topics list Or click on the below link https://console.cloud.google.com/cloudpubsub/topic .转到您的主题列表或单击以下链接https://console.cloud.google.com/cloudpubsub/topic 。

Then click on your topic然后点击你的主题

Then in right side permission tab, click on the ADD MEMBER button然后在右侧的权限选项卡中，单击添加成员按钮

Then enter the new member email or If your App have multiple user then you can enter allUsers .然后输入新成员电子邮件或如果您的应用程序有多个用户，则您可以输入allUsers 。 Then Select the role Pub/Sub Publisher and click on the Save button.然后选择角色Pub/Sub Publisher并单击Save按钮。
Note: This will make your topic public.注意：这将使您的主题公开。

Answer 3

dont add allAuthenticatedUsers or allUsers , that will make your topic public.不要添加allAuthenticatedUsers或allUsers ，这将使您的主题公开。 You might have seen this warning您可能已经看到此警告

This resource is public and can be accessed by anyone on the internet.该资源是公开的，互联网上的任何人都可以访问。 To remove public access, remove "allUsers" and "allAuthenticatedUsers" from the resource's members.要删除公共访问，请从资源的成员中删除“allUsers”和“allAuthenticatedUsers”。

SO DONT DO IT所以不要这样做

Instead add gmail-api-push@system.gserviceaccount.com .而是添加gmail-api-push@system.gserviceaccount.com 。 this will work.这会起作用。 Reference : https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic参考： https : //developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic

错误 403：向 Cloud PubSub 发送测试消息时出错：用户无权执行此操作

问题描述

3 个解决方案

解决方案1
14 已采纳 2017-09-09 18:50:04

解决方案2
6 2019-10-12 07:17:55

解决方案3
2 2020-04-17 22:17:32

SO DONT DO IT所以不要这样做

错误 403：向 Cloud PubSub 发送测试消息时出错：用户无权执行此操作

问题描述

3 个解决方案

解决方案1 14 已采纳 2017-09-09 18:50:04

解决方案2 6 2019-10-12 07:17:55

解决方案3 2 2020-04-17 22:17:32

SO DONT DO IT所以不要这样做

解决方案1
14 已采纳 2017-09-09 18:50:04

解决方案2
6 2019-10-12 07:17:55

解决方案3
2 2020-04-17 22:17:32