Token retrieval failed with error: invalid_scope when using DeviceFlowAuthenticator
fnune opened this issue · 2 comments
Hey there, I'm failing to fetch some events from my calendar. The error is Token retrieval failed with error: invalid_scope. This happens before the flow starts, before I see the Google log-in window.
It happens only when using yup_oauth2::DeviceFlowAuthenticator. When using yup_oauth2::InstalledFlorAuthenticator there are no errors and the events are listed successfully.
Here's my code. My usage seems pretty vanilla, what am I doing wrong?
pub async fn fetch_events() -> Result<Events, Error> {
let secret =
yup_oauth2::read_application_secret(std::path::Path::new("./secrets/application-secret.json"))
.await
.expect("./secret.json");
let auth = yup_oauth2::DeviceFlowAuthenticator::builder(secret)
.persist_tokens_to_disk(std::path::Path::new("./secrets/tokens-store.json"))
.build()
.await
.unwrap();
let hub = CalendarHub::new(
hyper::Client::builder().build(hyper_rustls::HttpsConnector::with_native_roots()),
auth,
);
hub
.events()
.list("primary")
.add_scope(Scope::EventReadonly)
.max_results(10)
.time_min(&chrono::Utc::now().to_rfc3339())
.doit()
.await
.map(|(_, events)| events)
}I asked this over at google-apis-rs Byron/google-apis-rs#282 and was redirected here. Thanks a lot for your time.
depending on the API, DeviceFlow is not a feasible method. Only very few APIs allow this, I believe, especially those that need to work on TVs/game consoles. This would also explain "invalid_scope" in some part, as the scope for which you want to acquire a device token doesn't permit the device authentication flow.
In contrast, the flow for installed applications that works for you is much more common, and thus seems to work for your case. You should check the Google documentation for your API and see which authentication methods are permitted.
I see! I will read the docs from Google closer then.
Thank you for pointing me to that.