My Business
3.5K members online now
3.5K members online now
For developers who are using the Google My Business API to manage locations
Guide Me
star_border
Reply

Serviceaccount lost permission to access owneraccount

[ Edited ]
Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭

I have a serviceaccount that access GMB through its owneraccount via HTTP. When issuing requests for oauth2 authorization tokens, the owneraccount is specified in the optional JWT claimset property "sub". Up until about a week ago this had worked fine in the previous 6 months. I now get a 401 unauthorized error. If i remove the sub property from the claimset, everything works fine, except that the serviceaccount dosn't have access to the owneraccount. Looking in the developer console I can se permissions have changed since I set this up, but I can't seem to figure out how to once again grant access?

1 Expert replyverified_user
Marked as Best Answer.
Solution
Accepted by topic author Verner H
October 2016

Re: Serviceaccount lost permission to access owneraccount

Google Employee
# 2
Google Employee

Hi @Verner H,

 

You should request user consent again for the Google Account that you need to access the Google My Business data from. You can perform this process with an OAuth 2.0 client ID during the OAuth 2.0 installed application flow, OAuth 2.0 web server application flow or via OAuth 2.0 Playground. For more information about requesting user consent for a service account application, please check out this Accepted Solution.

 

In addition, please note that you should write your code to anticipate the possibility that a granted token might no longer work for various reasons, and obtain a new token when the existing token is deemed invalid.

 

Thanks,

Terry

Serviceaccount lost permission to access owneraccount

Visitor ✭ ✭ ✭
# 3
Visitor ✭ ✭ ✭

Okay I have restored access. From reading your answer, I understood that, it wasn't the serviceaccount that had lost access, but the project it represents. By using this guide https://developers.google.com/my-business/content/get-started I was able to once again grant access to the project by using a client ID for the project and using that in the oauth playground as described.