I am getting an "HttpError 403' when I try to access an user profile. I followed the tutorial and setup all the rights in the Central Panel. Here is the code:
import httplib2
import pprint
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
SERVICE_ACCOUNT_EMAIL = 'xxxx@developer.gserviceaccount.com'
SERVICE_ACCOUNT_PKCS12_FILE_PATH = '/xxxx/privatekey.pem'
USER_EMAIL = 'xyz@test.com'
SCOPES = ['https://www.googleapis.com/auth/plus.profiles.read']
def authenticate():
print "opening the key"
f = open(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb')
key = f.read()
f.close()
print "closing the key"
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key, scope=SCOPES, sub=USER_EMAIL)
http = httplib2.Http()
http = credentials.authorize(http)
print "getting the credentials"
return build('plusDomains', 'v1', http=http)
print "calling the authentication"
service = authenticate()
print "calling people service"
people_service = service.people()
print "getting the user profile"
people_document = people_service.get(userId='abc@test.com').execute()
print 'ID: %s' % people_document.get('id')
print 'Display name: %s' % people_document.get('displayName')
print 'Image URL: %s' % people_document.get('image').get('url')
print 'Profile URL: %s' % people_document.get('url')
Here is the response:
calling the authentication
opening the key
closing the key
getting the credentials
calling people service
getting the user profile
Traceback (most recent call last):
File "test.py", line 39, in <module>
people_document = people_service.get(userId='abc@test.com').execute()
File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/apiclient/http.py", line 723, in execute
raise HttpError(resp, content, uri=self.uri)
apiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/plusDomains/v1/people/abc@test.com?alt=json returned "Forbidden">
By the way this is the scopes I have in the Google's CPANEL
- https://www.googleapis.com/auth/admin.directory.user.readonly
- https://www.googleapis.com/auth/plus.profiles.read
We had this working before, but since a month ago is not working. Any help is welcome.
