AdWords is now Google Ads. Our new name reflects the full range of advertising options we offer across Search, Display, YouTube, and more. Learn more

My Business
4.6K members online now
4.6K members online now
For developers who are using the Google My Business API to manage locations
Guide Me
star_border
Reply

Client is unauthorized to retrieve access tokens using this method. serviceAccount

[ Edited ]
Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭

Hi,

we try to us a service account to retrieve accounts/locations from GMB. Therefore we use the npm package googleapis (https://github.com/google/google-api-nodejs-client) to create a JWT

 

1. If we use JWT without an impersonator we get back a personal/unverified account for THIS service-account. Which is (of course) not want we want...

2. If we try to impersonate the call towards the API with a mailaddress from a user who a) has succesfully given consent to the corresponding project via the OAuth playground and b) is able to receive the verified businessaccount through the Playground itself, the authorization throws back the following error:

{ error: 'unauthorized_client',
  error_description: 'Client is unauthorized to retrieve access tokens using this method.' }

We already (re)created a new service account as suggested here but this did not help. 

 

We also read that the service account used should have access to GMB itself. Although this would counteract the purpose of impersonation: Is that true?

 

Codesnippet

let jwtClient = new google.auth.JWT(
  key.client_email, // of service account
  null,
  key.private_key, // of service account
  ['https://www.googleapis.com/auth/plus.business.manage'],
  impersonater // mailaddress of user who is Admin of GMB and has granted access of whitelisted project
);

jwtClient.authorize(function (err, tokens) {
  if (err) {
    console.log(err); // <-- this gets called if impersonator is not null
    return;
  }
});

 

 

 

1 Expert replyverified_user

Re: Client is unauthorized to retrieve access tokens using this method. serviceAccount

Google Employee
# 2
Google Employee

Hi @Vertex A,

 

We suggest you try making a simple HTTP request using the OAuth 2.0 Playground and confirm if you are able to list locations within your specific Google Account. If yes, try running your service account application and impersonate that specific Google Account, and see if it works. If not, then please remove the authorized app from the Apps connected to your account page of that Google Account you requested user consent for and do it again. Please let us know if you continue to experience the same issue.

 

You can read more about Using OAuth 2.0 to Access Google APIs.

 

Thanks,

The Google My Business API team

Client is unauthorized to retrieve access tokens using this method. serviceAccount

Visitor ✭ ✭ ✭
# 3
Visitor ✭ ✭ ✭

Thank you, for replying..

 

Shalini says : We suggest you try making a simple HTTP request using the OAuth 2.0 Playground and confirm if you are able to list locations within your specific Google Account

 

I have done this and works great.

 

Shalini says  If yes, try running your service account application and impersonate that specific Google Account, and see if it works

 

I have done this and it does not work, same error 

ex = {"Error:\"unauthorized_client\", Description:\"Client is unauthorized to retrieve access tokens using this method.\", Uri:\"\""}

 

Shalini says: If not, then please remove the authorized app from the Apps connected to your account page of that Google Account you requested user consent for and do it again.

 

Yes i have done this (several tiems) and it still does not work, same error. 

 

Can you look at my account further to see why the impersonation fails? thank you