2

Problem statement with error

I'm able to create a Google Form using the Google Forms API, but I can't get the submitted form responses to notify my PubSub topic.

After creating the form, I'm attempting to create the watch but I get the following error (which is weird because I'm using the same authorized "form service" that was used to create the form in the first place):

code: 400
message: Project does not have necessary OAuth permissions from authorizing user.
status: FAILED_PRECONDITION

Scopes didn't fix it

I've thrown a bunch of scopes at the problem hoping something would stick, but I don't think scopes are the problem (or the fix):

scopes = [
      "https://www.googleapis.com/auth/script.external_request",
      "https://www.googleapis.com/auth/drive",
      "https://www.googleapis.com/auth/drive.file",
      "https://www.googleapis.com/auth/drive.readonly",
      "https://www.googleapis.com/auth/forms.body",
      "https://www.googleapis.com/auth/forms.body.readonly",
      "https://www.googleapis.com/auth/forms.responses.readonly"
    ]

How I'm authorizing the form service

Here is how I'm authorizing my form service with env var GOOGLE_APPLICATION_CREDENTIALS=/path/to/keyfile.json and calling the method to create the watch:

authorizer = Google::Auth.get_application_default(scopes)
form_service = Google::Apis::FormsV1::FormsService.new
form_service.authorization = authorizer

form_service.create_watch(form_id, create_watch_request_object)

Pub/Sub Publisher Role

I believe I have set up the topic permissions correctly, and I think this watch creation failure is happening upstream of anything needing this publisher permission, right?

pubsub publisher permission for forms-notifications@system.gserviceaccount.com

Question

I've combed over the auth section in the Google Forms API docs, but can't see what I could change either in my code or in Google Cloud to get this to work. Could you nudge me in the right direction?

chemturion
  • 283
  • 2
  • 16
  • 1
    Please edit your question and include your code. I need to see how you are authorizing your applicaiton. – Linda Lawton - DaImTo Aug 10 '22 at 09:41
  • @DaImTo thank you; I have added the bit about get_application_default – chemturion Aug 10 '22 at 21:58
  • Are you storing the access token and refresh token any where? Did you request authorization fo the user one using one set of scopes and then change your code to include other scopes? Did you remember to request access of the user again with the new scopes? – Linda Lawton - DaImTo Aug 11 '22 at 06:51
  • I’m using Service Account with the json keyfile locally. No other tokens. Error occurs when using same scopes but I will test again. I’m not sure what you mean “request access of the user”… only my app is creating form and watch. User can be anyone with form link (responder_uri). I expect the watch to already exist before user accesses the form and submits responses. Thank you, and let me know if I can clarify. – chemturion Aug 11 '22 at 12:51
  • Can you show me in the documentation for [forms api](https://developers.google.com/forms/api/guides) where it says it supports service accounts? Not to mention the fact that appears to be a cloud service account not a google apis service account created on google cloud console. Have you set up delegation some how. A service account is not you you need to delignate it permissions. – Linda Lawton - DaImTo Aug 11 '22 at 13:00
  • The Forms API doesn't have an opinion on auth type; rather it points the developer to the [Workspace Overview](https://developers.google.com/workspace/guides/get-started) to create access credentials. I have also enabled Domain-wide Delegation on this service account. The service account is acceptable auth to create the form. The problem arises when I try to create a watch. – chemturion Aug 12 '22 at 13:40
  • Hi @chemturion I currently have this problem using a service account too and getting this issue when setting a watch on a form. Have you been able to solve it ? – Nathaniel Babalola Sep 06 '22 at 07:52
  • @NathanielBabalola I have not resolved yet. I've opened a Google support ticket. Could you visit https://issuetracker.google.com/issues/242295786 and upvote it? – chemturion Sep 06 '22 at 20:30
  • 2
    @chemturion I just upvoted it. Hopefully it will be resolved as soon as possible – Nathaniel Babalola Sep 06 '22 at 22:51

0 Answers0