0

I have a python (2.7) program that's using oath2client to access googledocs. I'm able to create files and edit files, but not delete them. I assume that this is because of a permissions issue.

Is there a way to find out what permissions my oath2client object has access to? If nothing else, it would be nice to be able to produce an error message saying "you don't have delete permissions" or something...

Also, since all I have is a client_id and token, I'm not even sure which account I'm trying to use (we use different accounts for different purposes)

Brian Postow
  • 11,709
  • 17
  • 81
  • 125

1 Answers1

0

For Google OAuth 2.0 tokens you can call a Google endpoint which will return details on the token (JWT).

Here is an example using curl. Replace ACCESS_TOKEN will a real one.

curl "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN

The output will look something like this. Your permissions is in scope.

{
  "issued_to": "123456789012345678901",
  "audience": "123456789012345678901,
  "scope": "https://www.googleapis.com/auth/cloud-platform",
  "expires_in": 2826,
  "access_type": "offline"
}

You can then map this curl example into Python code very easily using Python requests or another library.

Notice the issued_to key. This is the Unique ID that is assigned to each Google Account. This maps an email address to a unique ID. You will find the Unique ID in the Google Cloud Console when you click on a service account email address in IAM. (You don't mention GCP but just in case you are using it).

John Hanley
  • 74,467
  • 6
  • 95
  • 159