Google Social Connection access token rejected when making Youtube Data v3 API calls

I have an SPA application as per Auth0 SPA application definition (using Angular). I am using Auth0 as a client log in mechanism. My application allows for a user to log in with two service providers, IDP(s) or social connections: Facebook or Google . (Given I have supplied Client Id’s and Secrets for applications under those IDP’s domain . If a user successfully authenticates my application will return an array containing an access code which may be used to make calls to the IDP’s API (Identity Provider Access Tokens).

The successful case: After logging in with Facebook. I can retrieve the access token and make a call to Facebook’s graph API.

The problem: When logging in with Google, I can retrieve an access token. However when I use that access token to make a call to the Youtube Data v3 API, I receive an:

 Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.

What I’ve tried:

Questions I want answered

I’ve figured workarounds however they unfortunately impact the user experience. I’d like to know what getTokensSilently returns, a token for what?

What changes must I make so that I can use the access token returned by the IDP (under the identities array) to make calls to the Youtube Data v3 API?

This will return Auth0 tokens. An id token that acts as as proof of user authentication, and access tokens that can be sent to your custom APIs registered in Auth0, or Auth0’s APIs (like the Auth0 management API).

The IDP access tokens are the tokens that you would use for services linked to the IDP, as you have correctly described. I will have to check on the YouTube Data v3 API.

1 Like

Do you have the youtube permission selected in the connection settings?

From what I gather, you need to make an extra call to get the IdP’s access token. To do that, we need to make a call to get the user’s full profile, as documented here: Call an Identity Provider API

1 Like