Why can I not call the Google Gmail API with my idp token?

jgleason · February 2, 2023, 6:37pm

I am using the Management API to grab the idp access token for my user…

"identities": [
        {
            "access_token": "...",
            "provider": "google-apps",
            "user_id": "...",
            "connection": "...",
            "isSocial": false
        }
    ],

Then I pass it to the google api in nodejs like this…

const client = new google.auth.OAuth2({
  access_token: accessToken
});
const gmail = google.gmail({ version: 'v1', auth: client });

When I do this I get the following error

2023-02-02 13:36:34 /usr/src/app/node_modules/google-auth-library/build/src/auth/oauth2client.js:272
2023-02-02 13:36:34             throw new Error('No access, refresh token, API key or refresh handler callback is set.');
2023-02-02 13:36:34                   ^
2023-02-02 13:36:34 
2023-02-02 13:36:34 Error: No access, refresh token, API key or refresh handler callback is set.

What am I missing how do I handle this?

jgleason · February 2, 2023, 6:43pm

Could this be because I am using an enterprise connection instead of a social one?

jgleason · February 2, 2023, 6:56pm

I am looking and I think I needed to add scopes to the credential in GCP. How do I get a new access token with that scope?

jgleason · February 2, 2023, 6:57pm

On 3rd thought even after I get this don’t I have to setup the enterprise connection to request it (via the scope?)