Stored access token for google cloud storage does not have expected scope

I have enabled Google Cloud Storage checkbox on google-oauth2 social connection in Auth0

I have enabled Oauth in BigQuery with all available BigQuery scopes

When calling the auth0 endpoint, the scope includes cloud storage read write: email profile https://www.googleapis.com/auth/devstorage.read_write https://www.googleapis.com/auth/userinfo.email openid https://www.googleapis.com/auth/userinfo.profile

I extract the access token from the management API

Then, using the Google Python SDK with the extracted access token:

from google.cloud import bigquery as bq
from google.oauth2 import credentials

# Wrap the raw OAuth access token obtained from Auth0 in a Credentials object.
# The token's granted scopes are whatever Google issued at login; the SDK
# cannot widen them, it only presents the token as-is on each request.
req = bq.Client(credentials=credentials.Credentials(token='ACCESS TOKEN'), project="myproject")

# Run a trivial query and print the rows (result() returns a row iterator).
for row in req.query("SELECT 1").result():
    print(row)

I get the error:

google.api_core.exceptions.Forbidden: 403 Access Denied: BigQuery BigQuery: Missing required OAuth scope. Need BigQuery or Cloud Platform read scope.

Hi there @Chris_Rasgo welcome to the community!

While I’m not super familiar with the Google side of things, the scopes mentioned in the error message seem to be entirely different scopes than what are available on the Google social connection in Auth0. It looks like they are:

  • https://www.googleapis.com/auth/bigquery

  • https://www.googleapis.com/auth/cloud-platform

Thanks for the welcome and fast reply! Their docs list https://www.googleapis.com/auth/devstorage.read_write as a BigQuery option (OAuth 2.0 Scopes for Google APIs | Authorization | Google Developers), and the error message says it needs BigQuery or Cloud Platform read scope, and that should cover both cases?

I have not been able to find clarity on minimum required scopes, I was just assuming what auth0 would send would be enough.

If that is not the case, do you (or others!) know of a way with the react web library (auth0/auth0-react) to send particular scopes only when authing through google single sign on? We will only want to request Big Query scope if they are using google accounts.

Edit: sorry, to be clear, https://www.googleapis.com/auth/devstorage.read_write is sent as well when you check the Google Cloud Storage checkbox on the Auth0 Google social connection page.

Image of the selected option in Auth0, don’t see anything for BigQuery specifically
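The mismatch discussed in the question and in the follow-up above (a token carrying only the Cloud Storage scope being handed to the BigQuery client) can be caught locally before any API call. The following is an added example, not code from the thread or from the Google or Auth0 libraries: it parses the space-delimited scope string that comes back with the token and refuses to build the BigQuery client unless one of the scopes that the 403 message names is present. The `BIGQUERY_READ_SCOPES` set and the `bigquery_client_for` helper are assumptions introduced here; the scope string constant is the one quoted in the question.

```python
"""Pre-flight check of the OAuth scopes granted to a Google access token
before it is handed to the BigQuery client, so the remote 403
"Missing required OAuth scope" becomes a clear local error instead.

Added example; assumptions: the scope string is the space-delimited
value returned alongside the token, and BIGQUERY_READ_SCOPES lists the
scopes BigQuery accepts for read access.
"""
from dataclasses import dataclass

# Scopes that satisfy "Need BigQuery or Cloud Platform read scope".
# The bigquery and cloud-platform entries are the ones named in the reply
# above; bigquery.readonly is Google's documented read-only BigQuery scope
# (assumption: it is also sufficient for SELECT queries).
BIGQUERY_READ_SCOPES = frozenset({
    "https://www.googleapis.com/auth/bigquery",
    "https://www.googleapis.com/auth/bigquery.readonly",
    "https://www.googleapis.com/auth/cloud-platform",
})

# The scope string the question shows Auth0 requesting when the
# "Google Cloud Storage" box is ticked on the google-oauth2 connection.
AUTH0_STORAGE_SCOPES = (
    "email profile https://www.googleapis.com/auth/devstorage.read_write "
    "https://www.googleapis.com/auth/userinfo.email openid "
    "https://www.googleapis.com/auth/userinfo.profile"
)


@dataclass(frozen=True)
class ScopeReport:
    granted: frozenset        # every scope present on the token
    satisfied_by: frozenset   # the granted scopes that cover BigQuery reads
    ok: bool                  # True when at least one acceptable scope is granted


def parse_scopes(scope_string: str) -> frozenset:
    """OAuth 2.0 scope strings are space-delimited (RFC 6749, section 3.3)."""
    return frozenset(scope_string.split())


def check_bigquery_scopes(scope_string: str) -> ScopeReport:
    """Report whether the granted scopes include a BigQuery read scope.

    devstorage.read_write is a Cloud Storage scope; BigQuery ignores it,
    which is exactly why the token in the question is rejected.
    """
    granted = parse_scopes(scope_string)
    satisfied = granted & BIGQUERY_READ_SCOPES
    return ScopeReport(granted=granted, satisfied_by=satisfied, ok=bool(satisfied))


def bigquery_client_for(token: str, scope_string: str, project: str):
    """Build the BigQuery client only when the token can actually reach BigQuery.

    Raises PermissionError listing granted and acceptable scopes; the same
    information the remote 403 carries, but available before any call.
    """
    report = check_bigquery_scopes(scope_string)
    if not report.ok:
        raise PermissionError(
            "token lacks a BigQuery read scope; granted %s, need one of %s"
            % (sorted(report.granted), sorted(BIGQUERY_READ_SCOPES))
        )
    # Imported lazily so the scope check itself has no cloud dependency.
    from google.cloud import bigquery as bq
    from google.oauth2 import credentials
    return bq.Client(credentials=credentials.Credentials(token=token), project=project)


if __name__ == "__main__":
    # The token from the question: storage scope only, so the check fails.
    print(check_bigquery_scopes(AUTH0_STORAGE_SCOPES))
    # The same token with a BigQuery scope added passes.
    print(check_bigquery_scopes(
        AUTH0_STORAGE_SCOPES + " https://www.googleapis.com/auth/bigquery"))
```

Running the module as a script shows the report for the scope string quoted in the question (`ok=False`, with `devstorage.read_write` among the granted scopes but nothing in `satisfied_by`) and for the same string once a BigQuery scope is appended. Whatever mechanism ends up delivering the extra scope (the Auth0 connection settings or a per-connection request from the client application), this check makes the token's actual grant visible at the point where it matters.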
