0

I have PHP code that Google PHP Mirror API to insert user account. 

    if(isset($_GET['userToken'])){
        $userToken=$_GET['userToken'];

        $key = file_get_contents($key_file_location);   
        $cred = new Google_Auth_AssertionCredentials(
            'service-email-here',
             array('https://www.googleapis.com/auth/glass', 'https://www.googleapis.com/auth/glass.thirdpartyauth'),
            $key
        );          
        $client->setAssertionCredentials($cred);

        $mirrorService = new Google_Service_Mirror($client);            
        $_SESSION['access_token'] = $client->getAccessToken();

        insert_account($mirrorService, $userToken, $email, $api_email);
        exit();
    }       


function insert_account($service,$userToken, $email, $api_email)
{
$accountType='package-name-here';
$accountName='service-email-here';

$authtoken=null;    
$postBody = new Google_Service_Mirror_Account();
$postBody->setAuthTokens($authtoken);
$userdata=array("email"=>$email);
$postBody->setUserData($userdata);

try {   
    $account = $service->accounts->insert($userToken, $accountType, $accountName, $postBody);
    return $account;
} catch (Exception $e) {
    echo "exception: ".$e;
    return null;
}
}

I get an error which says: 

exception: exception 'Google_Service_Exception' with message 'Error calling POST      https://www.googleapis.com/mirror/v1/accounts/usertokenhere/package-name-here/service-email-here: (403) Insufficient Permission' in app-path/Google/Http/REST.php:79
Stack trace:
#0 app-path/Google/Http/REST.php(44): Google_Http_REST::decodeHttpResponse(Object(Google_Http_Request))
#1 app-path/Google/Client.php(508): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request))
#2 app-path/Google/Service/Resource.php(195): Google_Client->execute(Object(Google_Http_Request))
#3 app-path/Google/Service/Mirror.php(409): Google_Service_Resource->call('insert', Array, 'Google_Service_...')
#4 app-path/util.php(52): Google_Service_Mirror_Accounts_Resource->insert('8ce7d2ffbe6f693...', 'com.tenpearls.l...', '568533774877-an...', Object(Google_Service_Mirror_Account))
#5 app-path/add-your-own-camera.php(59): insert_account(Object(Google_Service_Mirror), '8ce7d2ffbe6f693...', 'safdar.tp@gmail...', '568533774877-an...')
#6 {main}

Why am I getting the insufficient permission error? I added the scope https://www.googleapis.com/auth/glass.thirdpartyauth which is required to add accounts using mirror api. I need to insert user account using mirror API.

Lubna
  • 151
  • 9

2 Answers2

1

You do not need the scope https://www.googleapis.com/auth/glass. In fact, this is not a valid scope at all.

The only scope you need for adding an account on the device using a service account is https://www.googleapis.com/auth/glass.thirdpartyauth.

Prisoner
  • 49,922
  • 7
  • 53
  • 105
  • Tried adding only this scope. Gives the same error. I am not able to find out the cause. I am calling setAssertionCredentials to the client object before creating service object. Is it the correct place to call this method? – Lubna Aug 08 '14 at 12:11
  • Could you confirm that the "Google Mirror API" has been enabled for your API Project? Also make sure that "service-email-here" gets replaced by the email address given in the API Console for the correct client ID. – Alain Aug 11 '14 at 15:47
  • "Google Mirror API" is enabled already. In API Console, I have 2 Client IDs and 2 Email Address. One for 'Client ID for web application' which is used for OAuth, other one is for 'Service Account', which is for mirror API. We are creating one client throughout the application. I guess that is the source of problem. How can this be possibly sorted out? – Lubna Aug 12 '14 at 04:44
  • I called the mirror account insert method using a separate client with service client id and service email id. I get a null response from mirror insert method instead of error now! I need further help in adding postBody to the same method. Thanks. – Lubna Aug 13 '14 at 06:07
0

Calling insert account method required separate service client object. Code can be viewed here: http://goo.gl/DVggO6

Lubna
  • 151
  • 9