尝试使用 Google Analytics Data GA4 API 运行 runReport 方法时,我们收到错误 ACCESS_TOKEN_SCOPE_INSUFFICIENT。 正如您在调试转储中看到的,授权中具有发出请求的所有必要范围:
要求:
curl -X POST -H "User-Agent: python-requests/2.27.1" -H "Accept-Encoding: gzip, deflate" -H "Accept: */*" -H "Connection: keep-alive" -H "Content-Length: 399" -H "Content-Type: application/json" -d '{"dateRanges": [{"startDate": "2022-04-25", "endDate": "2022-04-25"}], "dimensions": [{"name": "date"}, {"name": "eventName"}, {"name": "sessionDefaultChannelGrouping"}, {"name": "sessionSource"}, {"name": "source"}], "metrics": [{"name": "eventCount"}, {"name": "eventValue"}, {"name": "newUsers"}, {"name": "sessions"}], "metricFilter": null, "dimensionFilter": null, "limit": 100000, "offset": 0}' 'https://analyticsdata.googleapis.com/v1beta/properties/264786259:runReport?access_token=REMOVED'
回应
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"service": "analyticsdata.googleapis.com",
"method": "google.analytics.data.v1beta.BetaAnalyticsData.RunReport"
}
}
]
}
}
进一步调试转储
% curl -X POST -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Length: 399' -H 'Content-Type: application/json' -H 'User-Agent: python-requests/2.27.1' -d '{"dateRanges": [{"startDate": "2022-04-13", "endDate": "2022-04-13"}], "dimensions": [{"name": "date"}, {"name": "eventName"}, {"name": "sessionDefaultChannelGrouping"}, {"name": "sessionSource"}, {"name": "source"}], "metrics": [{"name": "eventCount"}, {"name": "eventValue"}, {"name": "newUsers"}, {"name": "sessions"}], "metricFilter": null, "dimensionFilter": null, "limit": 100000, "offset": 0}' 'https://analyticsdata.googleapis.com/v1beta/properties/264786259:runReport?access_token=<REMOVED>' -vv
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 2a00:1450:400d:805::200a...
* TCP_NODELAY set
* Connected to analyticsdata.googleapis.com (2a00:1450:400d:805::200a) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=upload.video.google.com
* start date: Mar 28 02:05:27 2022 GMT
* expire date: Jun 20 02:05:26 2022 GMT
* subjectAltName: host "analyticsdata.googleapis.com" matched cert's "*.googleapis.com"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f8cda80f400)
> POST /v1beta/properties/264786259:runReport?access_token=<REMOVED> HTTP/2
> Host: analyticsdata.googleapis.com
> Accept: */*
> Connection: keep-alive
> Content-Length: 399
> Content-Type: application/json
> User-Agent: python-requests/2.27.1
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* We are completely uploaded and fine
< HTTP/2 403
< www-authenticate: Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/analytics.readonly https://www.googleapis.com/auth/analytics https://www.google.com/analytics/feeds https://www.google.com/analytics/feeds/data https://www.google.com/analytics/feeds/"
< vary: X-Origin
< vary: Referer
< vary: Origin,Accept-Encoding
< content-type: application/json; charset=UTF-8
< date: Thu, 21 Apr 2022 08:10:43 GMT
< server: ESF
< cache-control: private
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< accept-ranges: none
<
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "google.analytics.data.v1beta.BetaAnalyticsData.RunReport",
"service": "analyticsdata.googleapis.com"
}
}
]
}
}
* Connection #0 to host analyticsdata.googleapis.com left intact
* Closing connection 0
您能否告诉我们,尽管我们已授权所有必需的范围,但此请求为何失败?
您将随您的请求发送访问令牌。
当您请求用户同意以获得该访问令牌时。您必须已获得以下范围之一的同意
没有它,您的访问令牌的身份验证范围不足。再次请求用户的访问权限并请求正确的范围。
我在集成 ga data api 时遇到了同样的问题