Hey Makers, I’m receiving an error from the Google Photos “Create an album” module.
403: PERMISSION_DENIED - Request had insufficient authentication scopes.
I re-authenticated the connection, this didn’t fix it. Any ideas?
1 Like
Did you enable all scopes and used your own custom Google OAuth app?
How to Connect and Use Google APIs in Make!
0. Prerequisites
-
0.1. You need to have a Google account
Make sure you can sign in to Google Cloud Console with this.
-
0.2. Create a Google Cloud Platform (GCP) project
Follow this main help centre guide on How to set up a custom OAuth 2.0 custom app in Make.
1. Enable Google APIs
-
1.1. Enable the relevant APIs that you want to use
Search for the relevant Google API here: https://console.cloud.google.com/apis/library
2. OAuth Client
Direct Link: https://console.cloud.google.com/apis/credentials
-
2a. Create “OAuth client ID” Credentials
-
2b. Insert all the Google Redirect URIs for your app
Insert All Google Redirect URIs
Here are some commonly-needed redirect URIs you need for your Google Cloud Console OAuth app. If you set these up, you can reuse the same GCP app for other Google apps and modules on Make.
https://www.make.com/oauth/cb/oauth2 https://www.make.com/oauth/cb/google https://www.make.com/oauth/cb/google/ https://www.make.com/oauth/cb/google-custom https://www.make.com/oauth/cb/google-restricted https://www.make.com/oauth/cb/google-cloud-speech https://www.make.com/oauth/cb/google-search-console https://www.make.com/oauth/cb/google-analytics-4 https://www.make.com/oauth/cb/google-ads2 https://www.make.com/oauth/cb/google-ads2/ https://www.make.com/oauth/cb/youtube https://www.make.com/oauth/cb/chromeIncluding These Google Redirect URIs
You are also required to insert the legacy URLs below from the old Integromat system that not been migrated to Make yet (same as the above list, but replace “make” with “integromat”):
https://www.integromat.com/oauth/cb/oauth2 https://www.integromat.com/oauth/cb/google https://www.integromat.com/oauth/cb/google/ https://www.integromat.com/oauth/cb/google-custom https://www.integromat.com/oauth/cb/google-restricted https://www.integromat.com/oauth/cb/google-cloud-speech https://www.integromat.com/oauth/cb/google-search-console https://www.integromat.com/oauth/cb/google-analytics-4 https://www.integromat.com/oauth/cb/google-ads2 https://www.integromat.com/oauth/cb/google-ads2/ https://www.integromat.com/oauth/cb/youtube https://www.integromat.com/oauth/cb/chromeNote 1: Due to inconsistencies in Make’s implementation of the connections, there are two separate entries where has one is
googleand another ending in a forward slashgoogle/- you might need one or the other, so we have to use both!Note 2: Once you’ve set these up, you can use/reuse the same Google OAuth App ID + Secret for all the supported Google connections and modules on Make - you’ll just have to enable the relevant Google APIs!
3. OAuth consent screen
Direct Link: https://console.cloud.google.com/apis/credentials/consent/edit
-
3a. Insert Two Authorised Domains
-
Insert
make.comandintegromat.com -
Fill in other required fields
-
Click “Save and Continue”.
-
-
3b. Add All Scopes
-
Click “Add or Remove Scopes”
-
Select 100 “Rows per page”, for each page, check all the rows, OR
-
Manually type in the scopes you need
-
Click “Update” at the bottom
-
-
3c. Step through and go to dashboard
At the last step/page, click “BACK TO DASHBOARD” instead of “Prepare for Verification”
-
3d. Publish your GCP OAuth2 app
You will need to set your OAuth application to “Production”, otherwise the credentials expire very frequently.
-
To do this, go back to “OAuth consent screen”
-
Then click the “PUBLISH APP” button
-
Then click the “CONFIRM” button
-
4. Create New Connection (HTTP, or respective Google module)
You can find the Client ID and Client Secret in the OAuth2 app you created in GCP, on the right-hand side of where you inserted the callback URLs in step 2:
-
4a. Specific Google module (Sheets, Docs, Drive, Gmail, etc.)
Insert the GCP app client ID and secret here BEFORE clicking “Sign in”
(Gmail example)
OR,
-
4b. HTTP OAuth 2.0 Request module
You need a “Authorize Parameters” key of
redirect_uriwith the above Make OAuth2 callback URL.
Related Topics:
Hope this helps! Let me know if there are any further questions or issues.
— @samliew
1 Like
Thanks for looking into this and your feedback. Has this become necassary even for ready-made modules? My understanding was that this is limited to custom use cases.
I’m not using a custom app or HTTP module to call onto the Google Photos API, but Make’s native Google Photos module. This was working fine until a few days ago and started throwing an error recently.
Thanks again for your help with this,
Ricardo
1 Like
I have the exact same problem. Since today it throws me the same error message, even though I didn’t change anything, and it worked the same for years. I also tried your instructions, but it didn’t help. Has anything changed in Make or Google?
I’m guessing it may be related to updates to the Google Photos APIs. Updates to the Google Photos APIs | Google for Developers
I’ve managed to run the module after setting up the connection again.
Hope this helps! Let me know if there are any further questions or issues. P.S.: investing some effort into the tutorials in the Make Academy will save you lots of time and frustration using Make!
Hi,
thanks for the advice. This really won’t do - I’ve tried this, including a new ID from google and new connection, a new scenario etc. and always the same error.
I’m guessing that there has been an api change in google and now the make modules are not working.
https://developers.google.com/photos/support/updates
