Why am I encountering a 403 Forbidden error when integrating Google Drive with my app using Pipedream Connect?

Help
1

This topic was automatically generated from Slack. You can find the original thread here.

Hey I’m integrating Google Drive with my app using Pipedream Connect and running into a problem

I created my own Google OAuth client (in testing mode), plugged the client ID and secret into Pipedream as a custom OAuth client, and set the redirect URI to Pipedream’s callback URL. I’ve verified that:
• The redirect URI matches exactly in Google Cloud and Pipedream
pipedream.com is listed in my OAuth consent screen’s authorized domains
• The scopes match (for Google Drive it’s https://www.googleapis.com/auth/drive
• I’m passing in the OAuth App ID to connectAccount on the frontend
When I try to connect a Google Drive account via Pipedream Connect from my local dev environment, the Google auth screen appears, and Drive shows that my app is connected (I can verify this in my Google account). But back in Pipedream, the connection fails with a 403 Forbidden error.

Is there anything else I should check? Workspace id is o_ZjIM98L

image.png
image.png1944×1688 252 KB

2

If you remove oauthAppId from connectAccount does that change anything?

3

Can you show me the code for createConnectToken and connectAccount?

4

no difference if i remove oauthAppId from connect account. here’s the full code:

image.png
image.png1088×1414 166 KB

image.png
image.png1152×762 89.1 KB

image.png
image.png1152×1460 92.4 KB

5

Wait are you still getting a 403?

6

Nope, it works if i don’t pass in oauthAppId

image.png
image.png1152×1394 58.1 KB

7

Okay, this was confusing to me:

no difference if i remove oauthAppId

8

Can you share an example of an oauthAppId value?

9

That’s non sensitive

10

for gdrive it’s oa_dzi7zY

11

When you do pass it in connectAccount, can you look at the network call to

https://api.pipedream.com/v1/connect/tokens/ctok_{connect-token}/validate?app_id={app-slug}

in your browser?

12

does my oauth app need to be published and not in testing mode?

13

And can you paste the response of that network call here?

14

does my oauth app need to be published and not in testing mode?
There’s no concept of published vs testing in Pipedream — do you mean in Google? If so, I don’t think that’d be impacting this screen.

15

yeah i meant in google

here’s the network call response it’s making to

https://api.pipedream.com/v1/connect/tokens/ctok_2d.../validate?app_id=google_drive&oauth_app_id=oa_dzi7zY

{
    "app": {
        "id": "app_1lxhk1",
        "name_slug": "google_drive",
        "name": "Google Drive",
        "auth_type": "oauth",
        "description": "Google Drive is a file storage and synchronization service which allows you to create and share your work online, and access your documents from anywhere.",
        "img_src": "https://assets.pipedream.net/s.v0/app_1lxhk1/logo/orig",
        "custom_fields_json": "[]",
        "categories": [
            "File Storage"
        ],
        "featured_weight": 1000000096,
        "connect": {
            "allowed_domains": [
                "[www.googleapis.com](http://www.googleapis.com)",
                "[drive.googleapis.com](http://drive.googleapis.com)"
            ],
            "base_proxy_target_url": "https://www.googleapis.com",
            "proxy_enabled": true
        }
    },
    "oauth_app_id": "oa_dzi7zY",
    "success_redirect_uri": null,
    "error_redirect_uri": null,
    "success": true,
    "error": null,
    "project_environment": "development",
    "project_app_name": "DrawOS",
    "project_support_email": "[s@drawos.io](mailto:s@drawos.io)",
    "project_id": "proj_W7sDDZE"
}
16

Oh actually the verification process on Google’s end could be the issue here

17

I forget their publishing options, can’t you set it to internal or something?

18

hmm i get this if i set it to internal

image.png
image.png1582×1760 193 KB

19

the weird part initially is that the connection does get set on googles side, but it’s pipedream that throws the 403 forbidden

image.png
image.png1810×968 67.1 KB

image.png
image.png854×1458 75.6 KB

20

Can you try adding these scopes to your OAuth client config in Pipedream?

email
profile