I'm trying to create a new customer and attach a G-Suite subscription to the customer, but seem to be unable to do this.
Where am I currently:
- Can create a google client object
- Can check if a customer already exists with that domain
- Can create a customer object
Guide:
- https://developers.google.com/admin-sdk/reseller/v1/codelab/end-to-end
- https://developers.google.com/admin-sdk/reseller/v1/quickstart/php
Error Code:
Uncaught Google_Service_Exception: {"error":{"errors":[{"domain":"global","reason":"insufficientPermissions","message":"Insufficient Permission"}]
I suspected it has something to with the scope of the permission (yes really, I just said that). The thing is that I'm following the guide from google, so I'm not sure where the problem is.
Current Scope:
function get_client()
{
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
$client = new Google_Client();
$client->setApplicationName('test');
$client->setScopes($OAUTH2_SCOPES);
$client->setAuthConfig(__DIR__ . '/credentials.json');
$client->setAccessType('offline');
$client->setPrompt('select_account consent');
// Load previously authorized token from a file, if it exists.
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
$tokenPath = 'token.json';
if(file_exists($tokenPath))
{
$accessToken = json_decode(file_get_contents($tokenPath), true);
$client->setAccessToken($accessToken);
}
// If there is no previous token or it's expired.
if($client->isAccessTokenExpired())
{
// Refresh the token if possible, else fetch a new one.
if ($client->getRefreshToken())
{
$client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
}
else
{
// Request authorization from the user.
$authUrl = $client->createAuthUrl();
printf("Open the following link in your browser:\n%s\n", $authUrl);
print 'Enter verification code: ';
$authCode = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
// Exchange authorization code for an access token.
$accessToken = $client->fetchAccessTokenWithAuthCode($authCode);
$client->setAccessToken($accessToken);
// Check to see if there was an error.
if(array_key_exists('error', $accessToken))
{
throw new Exception(join(', ', $accessToken));
}
}
// Save the token to a file.
if (!file_exists(dirname($tokenPath)))
{
mkdir(dirname($tokenPath), 0700, true);
}
file_put_contents($tokenPath, json_encode($client->getAccessToken()));
}
return $client;
}
I manage to figure out the solution myself.
The problem:
insufficient Permissions
The Solution:
The token file wasn't updated, with the newly added permissions - so deleting and recreating the cred.json file - fixed the problem :)