Error 400: invalid_scope “https://www.googleapis.com/auth/chat.bot”

扶醉桌前 提交于 2020-08-24 07:43:30

问题


The documentation for the new google hangouts chat says that you need to authorize the scope https://www.googleapis.com/auth/chat.bot to do pretty much anything.

Here's the error:

While generating an authentication URL using their OAuth2 client I get the message that the scope is invalid. I don't have that problem if I use https://www.googleapis.com/auth/chat or some other scope like the one for google plus.

When I try to google things on in the API Explorer no combination of the URL or parts of the URL work either.

Here is my code to fetch the URL, seems to work just fine for everything else:

var {google} = require('googleapis');
var OAuth2 = google.auth.OAuth2;

var oauth2Client = new OAuth2(
  "clientid-idididid.apps.googleusercontent.com",
  "_secretsuff",
  "http://localhost:3000/auth/google/callback"
);

var scopes = [
    "https://www.googleapis.com/auth/chat", //Works
    "https://www.googleapis.com/auth/chat.bot"  // Does not work
];

var url = oauth2Client.generateAuthUrl({
  access_type: 'offline',
  scope:  scopes,
});

console.log(url);

回答1:


In case others are running across this problem I think I've figured this out. Google doesn't seem need this auth scope enabled by a domain user because it's already authorised on the domain when your testing your bot. The "authorisation" of these scopes are dictated by users in a domain adding/removing bots from spaces.

I'll go into a bit of detail if you're confused.

Cloud console image

When you create a bot in the console for an organisation https://console.cloud.google.com/apis/api/chat.googleapis.com/ your bot is added to the domain and can be added to spaces by users. If then go over to to the credentials and create a service account you can use that json file credentials to access the API as your bot. The code below gets a list of the people in a space.

var { google } = require('googleapis');
var chat = google.chat("v1");

var key = require('./google_service-account-credentials.json');

var jwtClient = new google.auth.JWT(
  key.client_email,
  null,
  key.private_key,
  ['https://www.googleapis.com/auth/chat.bot'], // an array of auth scopes
  null
);

jwtClient.authorize(function (err, tokens) {
  chat.spaces.members.list({
    auth: jwtClient,
    parent: "spaces/AAAAD4xtKcE"
  }, function (err, resp) {
    console.log(resp.data);
  });
});

If you try to get a list of members on other spaces (and other domains) the bot will fail with the exact same error message:

"Bot is not a member of the space."

I assume if you list your bot on the marketplace and it gets added to different domains and spaces google's API makes sure that your bot can do what it's trying to do on a space by space basis. It would be annoying have to setup some authentication flow after a bot has already been added for it to do its job. This is also probably why the current REST api doesn't let you list spaces under domains, it's not the paradigm this API works under.




回答2:


It may have to do with one of the following:

  1. The scope is created for service accounts. Make sure you are accessing the REST API with a service account.
  2. Make sure that the bot is added to the room or space and has access to what you want it do.
  3. Make sure the Service account is part of the bot project that you are using for the bot.


来源:https://stackoverflow.com/questions/49353286/error-400-invalid-scope-https-www-googleapis-com-auth-chat-bot

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!