
Error 403: Error sending test message to Cloud PubSub: User not authorized to perform this action

I want to set up a push notification watch but I receive an error response. What authorization do I need?

Request:

// Google API client
$client = getClient();

// POST request to the Gmail watch endpoint
$ch = curl_init('https://www.googleapis.com/gmail/v1/users/me/watch');

curl_setopt_array($ch, array(
    CURLOPT_POST => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_HTTPHEADER => array(
        'Authorization: Bearer ' . $client->getAccessToken()['access_token'],
        'Content-Type: application/json'
    ),
    CURLOPT_POSTFIELDS => json_encode(array(
        'topicName' => 'projects/xxxx/topics/xxxx',
        'labelIds' => ["INBOX"]
    ))
));

// Send the request and keep the JSON response body
$response = curl_exec($ch);
curl_close($ch);

Response:

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "forbidden",
    "message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
   }
  ],
  "code": 403,
  "message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
 }
}

More details:

  • The scope used is GMAIL_READONLY.
  • The subscription and the topic exist and they were created in the same console.
  • I tried to publish a new message from the console and it worked.

From the page: https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic

Cloud Pub/Sub requires that you grant Gmail privileges to publish notifications to your topic.

To do this, you need to grant publish privileges to serviceAccount:gmail-api-push@system.gserviceaccount.com. You can do this using the Cloud Pub/Sub Developer Console permissions interface following the resource-level access control instructions.

(emphasis added)

You have to grant permission to topics. Go to your topics list, or click on the link below: https://console.cloud.google.com/cloudpubsub/topic

Then click on your topic.

Then in the right-side permission tab, click on the ADD MEMBER button.

Then enter the new member email, or if your app has multiple users then you can enter allUsers. Then select the role Pub/Sub Publisher and click on the Save button.
Note: This will make your topic public.

Don't add allAuthenticatedUsers or allUsers; that will make your topic public. You might have seen this warning:

This resource is public and can be accessed by anyone on the internet. To remove public access, remove "allUsers" and "allAuthenticatedUsers" from the resource's members.

SO DON'T DO IT

Instead, add gmail-api-push@system.gserviceaccount.com. This will work. Reference: https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic
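
An added example, not part of the original answers: a check over a topic's IAM policy (the JSON shape printed by `gcloud pubsub topics get-iam-policy --format=json`) that flags allUsers / allAuthenticatedUsers bindings and verifies that the Gmail push service account holds a publish role. The sample policy, the worker service account name and the function names are constructed for illustration.

```python
import json

GMAIL_PUSH_SA = "serviceAccount:gmail-api-push@system.gserviceaccount.com"
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Predefined roles that include pubsub.topics.publish; custom roles are not resolved here.
PUBLISH_ROLES = {"roles/pubsub.publisher", "roles/pubsub.editor", "roles/pubsub.admin"}


def audit_topic_policy(policy):
    """Return (findings, gmail_can_publish) for a topic IAM policy dict."""
    findings = []
    gmail_can_publish = False
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = set(binding.get("members", []))
        for member in sorted(members & PUBLIC_MEMBERS):
            findings.append(f"PUBLIC: {member} holds {role}")
        if role in PUBLISH_ROLES and GMAIL_PUSH_SA in members:
            gmail_can_publish = True
    if not gmail_can_publish:
        findings.append(f"MISSING: {GMAIL_PUSH_SA} lacks a publish role")
    return findings, gmail_can_publish


def harden_topic_policy(policy):
    """Return a copy with public members removed and the Gmail push account as publisher."""
    bindings = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:  # drop bindings that only granted public access
            bindings.append({**binding, "members": members})
    for binding in bindings:
        if binding.get("role") == "roles/pubsub.publisher" and "condition" not in binding:
            if GMAIL_PUSH_SA not in binding["members"]:
                binding["members"].append(GMAIL_PUSH_SA)
            break
    else:
        bindings.append({"role": "roles/pubsub.publisher", "members": [GMAIL_PUSH_SA]})
    return {**policy, "bindings": bindings}


# Constructed sample policy: the state the allUsers suggestion above would leave behind.
SAMPLE_POLICY = json.loads("""{
  "bindings": [
    {"role": "roles/pubsub.publisher", "members": ["allUsers"]},
    {"role": "roles/pubsub.subscriber",
     "members": ["serviceAccount:worker@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "CONSTRUCTED"
}""")
```

The dict returned by `harden_topic_policy` keeps the original `etag`, so it can be written to a file and applied with `gcloud pubsub topics set-iam-policy`.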
