Gmail API unexpectedly stopped working with [Error: unauthorized_client]

Where I work, we use Google Apps for Work. Over the past 9 months, we have used the Gmail API (~ 2000 requests per day) to receive new emails for our support email accounts.

Here's how we originally installed it:

  • Go to https://console.developers.google.com/project/
  • Click on a project (or create a new one)
  • Click API and Auth
  • Click "Credentials"
  • Click Create New Customer ID
  • Click on the service account
  • Download JWT (json) for the account.
  • Follow the instructions of the node.js quick start guide with the installed / native token for the same account and authorize it through the console. The JWT tokens did not work if we did not take this step once for each account.

We did this for each of our individual email accounts to avoid having to enable domain delegation for any of them in the admin console. Then we were able to authenticate with the tokens using the officially supported googleapis npm library, similar to this:

    var google = require('googleapis');

    // token is the service account JSON key downloaded above;
    // cb and messageId come from the surrounding code.
    var jwtClient = new google.auth.JWT(
      token.client_email,
      null,                          // key file path (unused, key is passed inline)
      token.private_key,
      ['https://www.googleapis.com/auth/gmail.readonly'],
      'supportemail@mycompany.com'   // subject: the mailbox the token is requested for
    );

    jwtClient.authorize(function(err, tokens) {
      if (err) {
        return cb(err);
      }

      var gmail = google.gmail('v1');
      var requestOptions = {
        auth: jwtClient,
        userId: 'me',
        id: messageId,
        format: 'raw'
      };

      gmail.users.messages.get(requestOptions, function(err, response) {
        if (err) {
          return cb(err);
        }
        // do stuff with the response
      });
    });

As I said, we have been using this for a long time and never had any problems. Yesterday, at about 10 am MST, each of the accounts ceased to be authenticated at the same time, while jwtClient.authorize() unexpectedly returned an error [Error: unauthorized_client].

I tried to do the same with the new token in the new service account (the web interface has changed quite a bit in the last 9 months to get the token), and it returns the same error.

The googleapis version we used was 0.9.7, but we cannot get JWT authentication to work in the newest version.

We opened a ticket with the Google API Support Team, but the support team we spoke to had never read the Gmail API specifications before and couldn't help us in the end, so they redirected us here to get in contact with the API Technical Support Team.

We noticed that authentication works if we enable domain delegation in the admin console, but we would prefer not to. We do not need to impersonate accounts and would prefer to use a separate JWT for each account.

+5
1 answer

It turns out that the auth flow we used was never supported and was probably broken due to an error on Google's part.

In the comments on the question, @Brandon Jewett-Hall and @Steve Bazyl recommend using the installed app flow instead, since it allows unlimited refreshing of access tokens and is supported.

More information on the various auth flows can be found in the Google Docs API.

+2
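
The installed app flow recommended in the answer above, as an added example (not code from the original post or from the googleapis library): it builds the one-time consent URL and the token endpoint requests with Node built-ins only, so each mailbox gets its own read-only refresh token without domain delegation. The client ID, secret, redirect URI and the `expiry_date` field on the cached token object are assumptions.

```javascript
// Added example: Google's OAuth 2.0 installed-app flow, requests only (no network).
const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';
const TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token';
const SCOPE = 'https://www.googleapis.com/auth/gmail.readonly';

// Describe a form-encoded POST to the token endpoint.
function tokenRequest(params) {
  return {
    url: TOKEN_ENDPOINT,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams(params).toString()
  };
}

// Step 1: URL the mailbox owner opens once to grant read-only access.
// access_type=offline asks for a refresh token along with the access token.
function buildConsentUrl(client, mailbox) {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: client.id, redirect_uri: client.redirectUri,
    response_type: 'code', scope: SCOPE,
    access_type: 'offline', login_hint: mailbox
  }).toString();
  return url.toString();
}

// Step 2: trade the one-time authorization code for access + refresh tokens.
function buildCodeExchange(client, code) {
  return tokenRequest({
    grant_type: 'authorization_code', code: code, client_id: client.id,
    client_secret: client.secret, redirect_uri: client.redirectUri
  });
}

// Step 3: mint a new access token from the stored refresh token.
function buildRefresh(client, refreshToken) {
  return tokenRequest({
    grant_type: 'refresh_token', refresh_token: refreshToken,
    client_id: client.id, client_secret: client.secret
  });
}

// True when the cached token is missing or expires within skewMs.
// Assumes tokens are stored as { access_token, expiry_date (ms since epoch) }.
function needsRefresh(tokens, nowMs, skewMs = 60000) {
  return !tokens || !tokens.access_token || !tokens.expiry_date ||
    tokens.expiry_date - nowMs <= skewMs;
}
```

Store each mailbox's refresh token like a password, since it keeps granting read access to that mailbox until it is revoked.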

Source: https://habr.com/ru/post/1244856/

