google-api-java-client-services
google-api-java-client-services copied to clipboard
googleapis
Calendar: Additional Scope enforced to be requested when it is not needed
Environment details
- Specify the API at the beginning of the title. Calendar API
- OS type and version: Android target SDK 33
- Java version: Android 13
- version(s): com.google.apis:google-api-services-calendar:v3-rev20230707-2.0.0
Steps to reproduce
- Sign-In to Google and request Scope CALENDAR_EVENTS_READONLY = https://www.googleapis.com/auth/calendar.events.readonly"
- Retrieve the Calendar Events List for a certain CalendarID
- Get warning [GoogleAuthUtil] isUserRecoverableError status: NEED_REMOTE_CONSENT, which triggers exception UserRecoverableAuthIOException
- Upon handling exception, Request_Permission is requesting Scope "https://www.googleapis.com/auth/calendar". This is not needed, as observed in https://developers.google.com/calendar/api/v3/reference/events/list, and selecting only the events.readonly scope
Code example (simplified)
GoogleSignInOptions mGoogleSignInOptions = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.requestScopes(new Scope(CalendarScopes.CALENDAR_EVENTS_READONLY)) //https://developers.google.com/identity/protocols/oauth2/scopes#calendar
.build();
// Build a GoogleSignInClient with the options specified by gso.
GoogleSignInClient mGoogleSignInClient = GoogleSignIn.getClient(MainActivity.this, mGoogleSignInOptions);
Intent signInIntent = mGoogleSignInClient.getSignInIntent();
startActivityForResult(signInIntent, SIGN_IN_REQUEST_CODE);
do {
page++;
Events events;
Log.i(appLogTAG, "Sending events request, page "+page);
events = calendarService.events().list(calendarID).execute();
List<Event> items = events.getItems();
for (Event event : items) {
//some work
}
pageToken = events.getNextPageToken();
syncToken = events.getNextSyncToken();
} while (pageToken != null);
}catch (UserRecoverableAuthIOException e) {
toastInUI("Error while retrieving data. ");
//request missing permissions
Intent intent = e.getIntent();
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
appContext.startActivity(intent);
} catch (GoogleJsonResponseException e) {
if (e.getStatusCode() == 410) {
// A 410 status code, "Gone", indicates that the sync token is invalid.
Log.e(appLogTAG,"Invalid sync token, clearing event store and re-syncing.");
} else {
throw new RuntimeException(e);
}
}catch (SocketTimeoutException e) {
Log.e(appLogTAG, "Timeout while retrieving data.");
toastInUI("Timeout while retrieving data.");
}catch (IOException e) {
Log.e(appLogTAG, "Unknown error.");
throw new RuntimeException(e);
}
Stack trace
W [GoogleAuthUtil] isUserRecoverableError status: NEED_REMOTE_CONSENT
External references such as API reference guides
- https://developers.google.com/calendar/api/v3/reference/events/list
Any additional information below
I have tried debugging to understand where the enforced permission request comes from without success. From the link in External References the requested Scope is enough to list all events in the Calendar.
Thanks!
@bunnis Would you attach the stacktrace? It tells file name and line number that causes the exception.
"W" at the beginning is warning.
@suztomo I don't have any indication of the line number that causes the exception, this is what I see in Logcat:
2023-09-01 20:20:06.884 18935-20392 ABSKULAITY.BDAYCN pt....aity.bdaynotificationsgooglec I Starting to Retrieve Calendar Bday Events
2023-09-01 20:20:06.885 18935-20392 ABSKULAITY.BDAYCN pt....aity.bdaynotificationsgooglec D Setting up Google Credentials
2023-09-01 20:20:06.886 18935-20392 ABSKULAITY.BDAYCN pt....aity.bdaynotificationsgooglec D Creating Calendar Service
2023-09-01 20:20:06.891 18935-20392 ABSKULAITY.BDAYCN pt....aity.bdaynotificationsgooglec I Starting the events fetching logic
2023-09-01 20:20:06.891 18935-20392 ABSKULAITY.BDAYCN pt....aity.bdaynotificationsgooglec I Sending events request, page 1
**2023-09-01 20:20:07.071 18935-20392 Auth pt....aity.bdaynotificationsgooglec W [GoogleAuthUtil] isUserRecoverableError status: NEED_REMOTE_CONSENT**
exception UserRecoverableAuthIOException
Can I see the stacktrace of this exception?
com.google.api.client.googleapis.extensions.android.gms.auth.UserRecoverableAuthIOException
at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:288)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:880)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:552)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:493)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:603)
at mypackage.DataRepo.retrieveCalendarBdayEvents(DataRepo.java:277)
at mypackage.DataRepo.loadData(DataRepo.java:410)
at mypackage.DataRepo.run(DataRepo.java:193)
at java.lang.Thread.run(Thread.java:1012)
Caused by: com.google.android.gms.auth.UserRecoverableAuthException: NeedRemoteConsent
at com.google.android.gms.auth.zzl.zzg(com.google.android.gms:play-services-auth-base@@18.0.4:20)
at com.google.android.gms.auth.zzl.zzb(com.google.android.gms:play-services-auth-base@@18.0.4:4)
at com.google.android.gms.auth.zzf.zza(Unknown Source:6)
at com.google.android.gms.auth.zzl.zzh(com.google.android.gms:play-services-auth-base@@18.0.4:6)
at com.google.android.gms.auth.zzl.zza(com.google.android.gms:play-services-auth-base@@18.0.4:15)
at com.google.android.gms.auth.zzl.getToken(com.google.android.gms:play-services-auth-base@@18.0.4:3)
at com.google.android.gms.auth.zzl.getToken(com.google.android.gms:play-services-auth-base@@18.0.4:1)
at com.google.android.gms.auth.zzl.getToken(com.google.android.gms:play-services-auth-base@@18.0.4:6)
at com.google.android.gms.auth.GoogleAuthUtil.getToken(com.google.android.gms:play-services-auth-base@@18.0.4:3)
at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential.getToken(GoogleAccountCredential.java:258)
at com.google.api.client.googleapis.extensions.android.gms.auth.GoogleAccountCredential$RequestHandler.intercept(GoogleAccountCredential.java:283)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:880)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:552)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:493)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:603)
at mypackage.DataRepo.retrieveCalendarBdayEvents(DataRepo.java:277)
at mypackage.DataRepo.loadData(DataRepo.java:410)
at mypackage.DataRepo.run(DataRepo.java:193)
at java.lang.Thread.run(Thread.java:1012)
@blakeli0 No, sorry, it looks like this code does not use GUAC auth libs.
@bunnis The main problem seems to be the "NEED_REMOTE_CONSENT" error. This seems to be service specific and related to app verification status or error handeling, do you have your app verified, have you tried to handle like in the example?
@TimurSadykov I handle the error correctly and everything works. The main problem is that using the API vs Web, the permissions are different. Via Web I only need read-only permission the access the data. Using the API, if I request the read-only permission then the Error Handling will force me to request read and write permissions. Obviously this is a different behaviour than the Web. Please refer to my initial description in 4:
Upon handling exception, Request_Permission is requesting Scope "https://www.googleapis.com/auth/calendar". This is not needed, as observed in https://developers.google.com/calendar/api/v3/reference/events/list, and selecting only the events.readonly scope