Using application-default credentials for Google Search Console API does not provide sufficient permissions.
See original GitHub issueAs the title states, using the application default credentials to access Google Search Console data does not seem to work.
Note: My Google Account has delegated ownership of a site.
/**
* Acquires application default settings from Google's Auth library.
*
* @returns {Object} authClient
*/
function _authenticateWithGoogle(){
console.log("Authenticating...");
return new Promise(function(resolve, reject){
google.auth.getApplicationDefault(function(err, authClient) {
if (err) {
console.error('Authentication failed because of ', err);
reject(err);
}
if (authClient.createScopedRequired && authClient.createScopedRequired()) {
const scopes = [
// Needed to read data from google search console.
'https://www.googleapis.com/auth/webmasters.readonly'
];
authClient = authClient.createScoped(scopes);
}
// For debugging purposes.
console.log(JSON.stringify(authClient));
// Resolve authClient obj.
resolve(authClient);
});
});
};
Using the above code to generate an auth client to then run the following:
webmaster.sites.list({auth: authClient}, function(err, resp) {
if (err){
console.error(err);
reject(err);
} else {
console.log(resp);
resolve();
}
});
The above code errors out and returns a not very helpful message:
code: 403,
errors:
[ { domain: 'global',
reason: 'insufficientPermissions',
message: 'Insufficient Permission' } ] }
I spent hours scouring the web trying to find out what might be going wrong, but unfortunately found nothing related to application-default credentials and search console. It seems that the Search Console API just does not work with default-application credentials.
I have since created a new service-account and used JWT based authentication and was able to query the Search Console API successfully.
Considering the webmasters API is part of googleapis, I would have expected that the getApplicationDefault functionality would have been sufficient to create the authClient necessary to access data, but it seems not to be the case.
Anyone attempting to use application-default to access the Search Console API – stick with JWT, save yourself the trouble until they get a fix in.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:4
- Comments:8 (4 by maintainers)
Top GitHub Comments
I’m seeing the same exact result FWIW. Digging deeper.
My process was:
https://www.googleapis.com/auth/webmasters.readonly
Use the
require('googleapis').webmasters('v3')
client object to query the search console API viawebmaster.searchanalytics.query()
.