2

I am new to Google APIs. I am looking to read a Google spreadsheet via a Python program and am following the instructions found here:

https://www.twilio.com/blog/2017/02/an-easy-way-to-read-and-write-to-a-google-spreadsheet-in-python.html

I have a Google Sheet called Legislators 2017 that I am using for this.

The following is the code to print out some content from the sheet.

```python
import gspread
from oauth2client.service_account import ServiceAccountCredentials


scope = ['https://www.googleapis.com/auth/drive']
creds = ServiceAccountCredentials.from_json_keyfile_name('google_drive_oct_6_2020.json', scope)
client = gspread.authorize(creds)

sheet = client.open("Legislators 2017").sheet1

list_of_hashes = sheet.get_all_records()
print(list_of_hashes)
```

The above works.

I am inclined to use the smallest scope possible in general, and would like to use

https://www.googleapis.com/auth/spreadsheets or 
https://www.googleapis.com/auth/spreadsheets.readonly

but they don't work and I get an exception with the following message:

Insufficient Permission: Request had insufficient authentication scopes.

What am I missing?

Tanaike
SuB

2 Answers

3

When `client.open("Legislators 2017")` is used, the method of "Files: list" in Drive API is used (Ref). By this, the scope of Drive API is required to be used. In your script, `https://www.googleapis.com/auth/drive` or `https://www.googleapis.com/auth/drive.readonly` are required.

When you don't want to use the scopes of Drive API and want to use the smallest scope possible in general, how about the following modification?

From:

```python
scope = ['https://www.googleapis.com/auth/drive']
creds = ServiceAccountCredentials.from_json_keyfile_name('google_drive_oct_6_2020.json', scope)
client = gspread.authorize(creds)

sheet = client.open("Legislators 2017").sheet1
```

To:

```python
scope = ['https://www.googleapis.com/auth/spreadsheets.readonly']
creds = ServiceAccountCredentials.from_json_keyfile_name('google_drive_oct_6_2020.json', scope)
client = gspread.authorize(creds)

sheet = client.open_by_key("###").sheet1
```

  • ### is the Spreadsheet ID of Legislators 2017.
  • In this modification, the scope of https://www.googleapis.com/auth/spreadsheets.readonly can be used. Also, https://www.googleapis.com/auth/spreadsheets can be used.

Tanaike
  • Thanks much! This worked for me. However, I had another question. I see that you mentioned: _By this, the scope of Drive API is required to be used._ However, I don't see any direct mention of that in the code you referenced. Is that from the code comment that says: _Drive uses different terminology_? Many thanks for your response! – SuB Oct 10 '20 at 01:52
  • @SuB Thank you for replying. I'm glad your issue was resolved. And I have to apologize for my poor English skill. Unfortunately, about your additional question, I cannot understand about `However, I don't see any direct mention of that in the code you referenced. Is that from the code comment that says: Drive uses different terminology ?`. Can I ask you about the detail of it? – Tanaike Oct 10 '20 at 03:12
  • You are welcome @Tanaike. Your English seems perfectly fine to me :) I meant to ask, how did you find out that - "Files: list" in Drive API is used -- ? – SuB Oct 20 '20 at 15:44
  • @SuB Thank you for replying. In order to retrieve the file ID from the filename, it is required to use the method of files.list of Drive API. In this case, at least, the scope of `https://www.googleapis.com/auth/drive.metadata.readonly` for Drive API is required to be used. But in your question, you want to use `https://www.googleapis.com/auth/spreadsheets.readonly`. So I proposed to directly use the file ID. In this case, it seems that Drive API is not used in gspread. [Ref](https://github.com/burnash/gspread) If I misunderstood your replying, I apologize. – Tanaike Oct 20 '20 at 22:43
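
The following is an added example, not code from the question, the answers or gspread. It checks before any network call whether a scope list can authorize the calls the answer above describes: a title lookup needs a Drive scope for files.list, while a spreadsheet ID or URL needs only a Sheets scope. The helper names and the bare-ID heuristic are assumptions, and the scope sets contain only the scopes named on this page.

```python
import re

SHEETS = "https://www.googleapis.com/auth/spreadsheets"
DRIVE = "https://www.googleapis.com/auth/drive"
# Scopes named on this page as sufficient for each call (not the full API lists).
SHEETS_READ = {SHEETS + ".readonly", SHEETS, DRIVE, DRIVE + ".readonly"}
DRIVE_LIST = {DRIVE + ".metadata.readonly", DRIVE + ".readonly", DRIVE}

URL_ID = re.compile(r"/spreadsheets/d/([A-Za-z0-9_-]+)")
# Assumption: a bare spreadsheet ID is a long token without spaces.
BARE_ID = re.compile(r"[A-Za-z0-9_-]{40,}")


def resolve(ref):
    """Classify ref as ('key', spreadsheet_id) or ('title', name)."""
    m = URL_ID.search(ref)
    if m:
        return "key", m.group(1)
    if BARE_ID.fullmatch(ref):
        return "key", ref
    return "title", ref


def missing_calls(ref, granted):
    """Return the API calls that the granted scopes cannot authorize for ref."""
    kind, _ = resolve(ref)
    needed = {"sheets.read": SHEETS_READ}
    if kind == "title":  # a title has to be resolved to an ID via Drive files.list
        needed["drive.files.list"] = DRIVE_LIST
    granted = set(granted)
    return sorted(call for call, ok in needed.items() if not (ok & granted))


def read_records(keyfile, ref, scopes):
    """Read sheet1 with the given scopes; fail early if a call would be rejected."""
    gaps = missing_calls(ref, scopes)
    if gaps:
        raise PermissionError(f"scopes {scopes} cannot authorize: {gaps}")
    # Imported lazily so the checks above run without the libraries installed.
    import gspread
    from oauth2client.service_account import ServiceAccountCredentials
    creds = ServiceAccountCredentials.from_json_keyfile_name(keyfile, scopes)
    client = gspread.authorize(creds)
    kind, value = resolve(ref)
    book = client.open_by_key(value) if kind == "key" else client.open(value)
    return book.sheet1.get_all_records()
```

With only `spreadsheets.readonly` granted, `missing_calls("Legislators 2017", ...)` reports `drive.files.list`, which is the call behind the "Insufficient Permission" error in the question.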
0

When creating the Authentication credentials from GCP, you need to state the level of access given to an Authentication Key. You can then access that level of access, or less.

According to the guide you are referring to:

Name the service account and grant it a Project Role of Editor.
Ishan Joshi