Here are my settings in omniauth.rb:
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'],
  {
    scope: 'https://www.googleapis.com/auth/admin.directory.user.readonly',
    provider_ignores_state: true,
    prompt: 'select_account consent',
    callback_path: '/auth/google_oauth2/callback'
  }
I tried to open localhost:5000/omniauth/google_oauth2, selected a Gmail account, accepted "See info about users on your domain", clicked Allow and got:
{"code"=>403, "message"=>"Request had insufficient authentication scopes.", "status"=>"PERMISSION_DENIED", "details"=>[{"@type"=>"type.googleapis.com/google.rpc.ErrorInfo", "reason"=>"ACCESS_TOKEN_SCOPE_INSUFFICIENT", "domain"=>"googleapis.com", "metadata"=>{"method"=>"google.social.boq.socialgraph.peopleapis.legacy.service.people.proto.LegacyPeople1Service.JsonGetOpenIdConnect", "service"=>"legacypeople.googleapis.com"}}]}: { "error": { "code": 403, "message": "Request had insufficient authentication scopes.", "status": "PERMISSION_DENIED", "details": [ { "@type": "type.googleapis.com/google.rpc.ErrorInfo", "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT", "domain": "googleapis.com", "metadata": { "method": "google.social.boq.socialgraph.peopleapis.legacy.service.people.proto.LegacyPeople1Service.JsonGetOpenIdConnect", "service": "legacypeople.googleapis.com" } } ] } }
Not sure what I need to fix. Can anyone help?
Please see this answer.
It looks like you need to add admin privileges to whichever account you're using to make the request; therefore, I suggest investigating your Google Admin Console for any possible misconfiguration with your OAuth client credentials.
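
A way to read the error payload from the question, added here as an example (it is not code from the posts or from omniauth): it extracts which Google service and RPC rejected the token and checks whether the configured scope contains an identity scope. The helper names, `QUESTION_SCOPE` and the `IDENTITY_SCOPES` list are assumptions made for this example; the page does not state which scopes the OpenID Connect call needs.

```ruby
require 'json'

# Assumption (not stated on the page): scopes that satisfy Google's OpenID
# Connect userinfo call, including their full-URL aliases.
IDENTITY_SCOPES = %w[
  openid email profile
  https://www.googleapis.com/auth/userinfo.email
  https://www.googleapis.com/auth/userinfo.profile
].freeze

# Error body as returned in the question (JSON half of the message).
SAMPLE_ERROR = <<~JSON
  {"error": {"code": 403,
    "message": "Request had insufficient authentication scopes.",
    "status": "PERMISSION_DENIED",
    "details": [{"@type": "type.googleapis.com/google.rpc.ErrorInfo",
      "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
      "domain": "googleapis.com",
      "metadata": {
        "method": "google.social.boq.socialgraph.peopleapis.legacy.service.people.proto.LegacyPeople1Service.JsonGetOpenIdConnect",
        "service": "legacypeople.googleapis.com"}}]}}
JSON

# Scope strings may be space- or comma-separated in configuration.
def parse_scopes(scope_string)
  scope_string.to_s.split(/[\s,]+/).reject(&:empty?)
end

# Report which API refused the token and whether the configured scope
# contains any identity scope at all.
def diagnose_scope_error(error_body, configured_scope)
  error = JSON.parse(error_body).fetch('error', {})
  info = Array(error['details'])
         .find { |d| d['@type'].to_s.end_with?('google.rpc.ErrorInfo') } || {}
  meta = info['metadata'] || {}
  scopes = parse_scopes(configured_scope)
  {
    status: error['status'],
    reason: info['reason'],
    service: meta['service'],
    rpc: meta['method'].to_s.split('.').last,
    has_identity_scope: scopes.any? { |s| IDENTITY_SCOPES.include?(s) }
  }
end

# Scope value taken from the question's omniauth.rb.
QUESTION_SCOPE = 'https://www.googleapis.com/auth/admin.directory.user.readonly'
diagnose_scope_error(SAMPLE_ERROR, QUESTION_SCOPE).each { |k, v| puts "#{k}: #{v.inspect}" }
```

For the question's payload, the rejecting RPC is `JsonGetOpenIdConnect` on `legacypeople.googleapis.com`, and the configured scope contains none of the listed identity scopes.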