Serviceaccount lost permission to access owneraccount[ Edited ]
October 2016 - last edited October 2016 by Terry W
I have a serviceaccount that access GMB through its owneraccount via HTTP. When issuing requests for oauth2 authorization tokens, the owneraccount is specified in the optional JWT claimset property "sub". Up until about a week ago this had worked fine in the previous 6 months. I now get a 401 unauthorized error. If i remove the sub property from the claimset, everything works fine, except that the serviceaccount dosn't have access to the owneraccount. Looking in the developer console I can se permissions have changed since I set this up, but I can't seem to figure out how to once again grant access?
Re: Serviceaccount lost permission to access owneraccount
Hi @Verner H,
You should request user consent again for the Google Account that you need to access the Google My Business data from. You can perform this process with an OAuth 2.0 client ID during the OAuth 2.0 installed application flow, OAuth 2.0 web server application flow or via OAuth 2.0 Playground. For more information about requesting user consent for a service account application, please check out this Accepted Solution.
In addition, please note that you should write your code to anticipate the possibility that a granted token might no longer work for various reasons, and obtain a new token when the existing token is deemed invalid.
Serviceaccount lost permission to access owneraccount
Okay I have restored access. From reading your answer, I understood that, it wasn't the serviceaccount that had lost access, but the project it represents. By using this guide https://developers.google.com/my-business/content/get-started I was able to once again grant access to the project by using a client ID for the project and using that in the oauth playground as described.