Chrome Extension: Google Photos API Returns "Insufficient Scopes" Despite Correct Setup
I’m building a Chrome extension that integrates with Google Photos API, but I keep hitting a 403 PERMISSION_DENIED error with the message: "Request had insufficient authentication scopes"
What Works
- Google Calendar API requests succeed with the same auth flow (calendar.readonly scope works perfectly).
- The OAuth token is obtained successfully.
- The extension has the correct scopes declared in manifest.json.
What I’ve Tried
Manifest.json Configuration:
"scopes": [
"https://www.googleapis.com/auth/calendar.readonly",
"https://www.googleapis.com/auth/photoslibrary.readonly",
"https://www.googleapis.com/auth/photoslibrary"
]
- Enabled Google Photos Library API in Google Cloud Console.
- Added Test Users to OAuth consent screen (app is in "Testing" mode).
API Endpoints Tested:
Screenshots:
Why does the same token work for Calendar API but fail for Photos API?
Why does the Photos API claim "insufficient scopes" when the token includes them?
Has anyone successfully used Google Photos API in a Chrome extension? Are there hidden requirements or quota limits I’m missing?
the scope photoslibrary.readonly、photoslibrary has been deprecated and will be removed after March 31, 2025.
After this date, any API calls using only this scope will return a 403 PERMISSION_DENIED error.
What should you do?
For reading photos, use the https://www.googleapis.com/auth/photoslibrary.readonly.appcreateddata scope.
For other use cases, review the latest Google Photos API documentation for supported scopes and migration instructions.
Reference:
https://developers.google.com/photos/support/updates#affected-scopes-methods
- Getting around X-Frame-Options DENY in a Chrome extension? (2)
- Do source maps work for Chrome extensions?
- Is it possible to require npm modules in a chrome extension ?
- "Error: `sidePanel.open()` may only be called in response to a user gesture." Received this when open side panel with keyboard shortcut
- Optionally inject Content Script
- WebPRNT Star TSP - google chrome flag "Block insecure private network requests" not work
- Use `chrome.devtools.panels.create()` in Chrome Extension content script
- Chrome Extension: Google Photos API Returns "Insufficient Scopes" Despite Correct Setup
- How to Load Extensions Programmatically in Chrome Version 137+?
- Copy to clipboard in chrome extension V3
- 'unsafe-eval' on chrome extension
- In a Google Drive folder, have an external URL stored as a "file" that when clicked opens an external website
- Get all keys from Chrome Storage
- How to debug crashing Chrome browser extensions?
- What can cause a Chrome browser extension to crash?
- How do I make my code asynchronous ? (Google Chrome Extension)
- How to allow CSP for domains after specific prefix
- --load-extension parameter for chrome doesn't work
- How to download a CRX file from the Chrome web store for a given ID?
- Can you access chrome:// pages from an extension?
- Cannot install any chrome extensions"could not load background cript
- Chrome Extension - manifest.json load all js in folder
- ManifestV3 new promise error: The message port closed before a response was received
- How can i get m3u8 address without devtools-network?
- Can I get access to localStorage of site from chrome extension?
- How to postMessage into iFrame?
- Persistent Service Worker in Chrome Extension
- I lost my userscripts in Tampermonkey. How do I recover them?
- Chrome extension to modify page's script includes and JS
- How to get a content script to load AFTER a page's Javascript has executed?