google-chrome-extensionoauth-2.0chrome-extension-manifest-v3google-photosgoogle-photos-api

Chrome Extension: Google Photos API Returns "Insufficient Scopes" Despite Correct Setup


I’m building a Chrome extension that integrates with Google Photos API, but I keep hitting a 403 PERMISSION_DENIED error with the message: "Request had insufficient authentication scopes"

What Works

What I’ve Tried

Manifest.json Configuration:

"scopes": [
    "https://www.googleapis.com/auth/calendar.readonly",
    "https://www.googleapis.com/auth/photoslibrary.readonly",
    "https://www.googleapis.com/auth/photoslibrary"
  ]
  1. Enabled Google Photos Library API in Google Cloud Console.
  2. Added Test Users to OAuth consent screen (app is in "Testing" mode).

API Endpoints Tested:

  1. https://photoslibrary.googleapis.com/v1/mediaItems

  2. https://photoslibrary.googleapis.com/v1/mediaItems:search

Screenshots:

The scopes added

The 403 error

Why does the same token work for Calendar API but fail for Photos API?

Why does the Photos API claim "insufficient scopes" when the token includes them?

Has anyone successfully used Google Photos API in a Chrome extension? Are there hidden requirements or quota limits I’m missing?


Solution

  • the scope photoslibrary.readonlyphotoslibrary has been deprecated and will be removed after March 31, 2025.

    After this date, any API calls using only this scope will return a 403 PERMISSION_DENIED error.

    What should you do?

    For reading photos, use the https://www.googleapis.com/auth/photoslibrary.readonly.appcreateddata scope.

    For other use cases, review the latest Google Photos API documentation for supported scopes and migration instructions.

    Reference:

    https://developers.google.com/photos/support/updates#affected-scopes-methods