Hey Makers, I’m receiving an error from the Google Photos “Create an album” module.

403: PERMISSION_DENIED - Request had insufficient authentication scopes.

image611×663 52.9 KB

I re-authenticated the connection, this didn’t fix it. Any ideas?

Did you enable all scopes and used your own custom Google OAuth app?

How to Connect and Use Google APIs in Make!

0. Prerequisites

• 0.1. You need to have a Google account

  Make sure you can sign in to Google Cloud Console with this.

• 0.2. Create a Google Cloud Platform (GCP) project

  Follow this main help centre guide on How to set up a custom OAuth 2.0 custom app in Make.

1. Enable Google APIs

• 1.1. Enable the relevant APIs that you want to use

  Search for the relevant Google API here: https://console.cloud.google.com/apis/library

  • Go to each API page that you want to use, end click “Enable”

  • Usually you’ll want to enable at least Drive (includes Docs/Sheets) and Gmail.

  

  600×272 11.6 KB

2. OAuth Client

Direct Link: https://console.cloud.google.com/apis/credentials

• 2a. Create “OAuth client ID” Credentials

  

  455×206 15.2 KB

• 2b. Insert all the Google Redirect URIs for your app

  

  302×200 7.32 KB

  Insert All Google Redirect URIs

  Here are some commonly-needed redirect URIs you need for your Google Cloud Console OAuth app. If you set these up, you can reuse the same GCP app for other Google apps and modules on Make.

  https://www.make.com/oauth/cb/oauth2
  https://www.make.com/oauth/cb/google
  https://www.make.com/oauth/cb/google/
  https://www.make.com/oauth/cb/google-custom
  https://www.make.com/oauth/cb/google-restricted
  https://www.make.com/oauth/cb/google-cloud-speech
  https://www.make.com/oauth/cb/google-search-console
  https://www.make.com/oauth/cb/google-analytics-4
  https://www.make.com/oauth/cb/google-ads2
  https://www.make.com/oauth/cb/google-ads2/
  https://www.make.com/oauth/cb/youtube
  https://www.make.com/oauth/cb/chrome
  

  Including These Google Redirect URIs

  You are also required to insert the legacy URLs below from the old Integromat system that not been migrated to Make yet (same as the above list, but replace “make” with “integromat”):

  https://www.integromat.com/oauth/cb/oauth2
  https://www.integromat.com/oauth/cb/google
  https://www.integromat.com/oauth/cb/google/
  https://www.integromat.com/oauth/cb/google-custom
  https://www.integromat.com/oauth/cb/google-restricted
  https://www.integromat.com/oauth/cb/google-cloud-speech
  https://www.integromat.com/oauth/cb/google-search-console
  https://www.integromat.com/oauth/cb/google-analytics-4
  https://www.integromat.com/oauth/cb/google-ads2
  https://www.integromat.com/oauth/cb/google-ads2/
  https://www.integromat.com/oauth/cb/youtube
  https://www.integromat.com/oauth/cb/chrome
  

  Note 1: Due to inconsistencies in Make’s implementation of the connections, there are two separate entries where has one is google and another ending in a forward slash google/ - you might need one or the other, so we have to use both!

  Note 2: Once you’ve set these up, you can use/reuse the same Google OAuth App ID + Secret for all the supported Google connections and modules on Make - you’ll just have to enable the relevant Google APIs!

3. OAuth consent screen

Direct Link: https://console.cloud.google.com/apis/credentials/consent/edit

• 3a. Insert Two Authorised Domains

  • Insert make.com and integromat.com

  • Fill in other required fields

  • Click “Save and Continue”.
    

    

    390×301 14.1 KB

• 3b. Add All Scopes

  • Click “Add or Remove Scopes”

  • Select 100 “Rows per page”, for each page, check all the rows, OR

  • Manually type in the scopes you need

  • Click “Update” at the bottom

  

  1476×1156 182 KB

• 3c. Step through and go to dashboard

  At the last step/page, click “BACK TO DASHBOARD” instead of “Prepare for Verification”
  

• 3d. Publish your GCP OAuth2 app

  You will need to set your OAuth application to “Production”, otherwise the credentials expire very frequently.

  • To do this, go back to “OAuth consent screen”

  • Then click the “PUBLISH APP” button

  • Then click the “CONFIRM” button

  

  479×206 9.36 KB

4. Create New Connection (HTTP, or respective Google module)

You can find the Client ID and Client Secret in the OAuth2 app you created in GCP, on the right-hand side of where you inserted the callback URLs in step 2:

471×488 18.6 KB

• 4a. Specific Google module (Sheets, Docs, Drive, Gmail, etc.)

  Insert the GCP app client ID and secret here BEFORE clicking “Sign in”

  (Gmail example)
  

  

  525×643 65.1 KB

  OR,

• 4b. HTTP OAuth 2.0 Request module

  

  708×401 44.2 KB

  You need a “Authorize Parameters” key of redirect_uri with the above Make OAuth2 callback URL.

  

  597×904 61.2 KB

Related Topics:

• Gmail/Google Drive verification issues (error 400): how to solve

Hope this helps! Let me know if there are any further questions or issues.

— @samliew