Google Cloud IoT Scopes – Cloud Platform & Cloud IoT


When applications use service accounts to call Google Cloud APIs, they must define scopes, which define the permissions for the application.

The two scopes that can be set for applications that use Google Cloud IoT are:

  • Cloud Platform - This permission enables the application to view and manage data across the Google Cloud Platform.
  • Cloud IoT - This permission enables the application to register and manage devices in Google Cloud IoT.

The IoT Cloud Tester application enables both scopes when using the Google API.

In the above example, both cloudiot and cloud-platform scopes are added to the Google credential that gets passed to the Google Cloud API call.

ServiceAccountCredentials{clientId=105494402818601193077, clientEmail=iot-479@second-inquiry-315605.iam.gserviceaccount.com, privateKeyId=e79eb513c3f9cd3d154d409c577b5c15c23e3a41, transportFactoryClassName=com.google.auth.oauth2.OAuth2Utils$DefaultHttpTransportFactory, tokenServerUri=https://oauth2.googleapis.com/token, scopes=[https://www.googleapis.com/auth/cloudiot, https://www.googleapis.com/auth/cloud-platform], serviceAccountUser=null, quotaProjectId=null}
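
How scopes end up on a credential like the one dumped above, as an added example (not the IoT Cloud Tester source). It uses the `com.google.auth.oauth2` classes named in the dump, needs google-auth-library on the classpath, and compares a credential scoped to `cloudiot` only with one carrying both scopes. The class name, client ID, client e-mail and key ID are constructed placeholders, and the key is generated in memory so nothing is sent to Google.

```java
import com.google.auth.oauth2.ServiceAccountCredentials;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Collection;

public class IotScopeExample {
    // Scope URLs exactly as they appear in the credential dump on this page.
    static final String CLOUD_IOT = "https://www.googleapis.com/auth/cloudiot";
    static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";

    // Build an unscoped service-account credential around a throwaway key.
    // A real application would load the account's JSON key file instead
    // (ServiceAccountCredentials.fromStream).
    static ServiceAccountCredentials unscoped() throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair throwaway = gen.generateKeyPair(); // constructed, not a registered key
        return ServiceAccountCredentials.newBuilder()
                .setClientId("000000000000000000000")                               // placeholder
                .setClientEmail("example-sa@example-project.iam.gserviceaccount.com") // placeholder
                .setPrivateKeyId("constructed-key-id")                              // placeholder
                .setPrivateKey(throwaway.getPrivate())
                .build();
    }

    // createScoped returns a copy of the credential that will request
    // only the listed scopes when it later asks for an access token.
    static ServiceAccountCredentials scoped(ServiceAccountCredentials base, String... scopes) {
        return (ServiceAccountCredentials) base.createScoped(Arrays.asList(scopes));
    }

    public static void main(String[] args) throws Exception {
        ServiceAccountCredentials base = unscoped();
        // True while no scopes are attached: the credential cannot be used yet.
        System.out.println("scopes still required: " + base.createScopedRequired());

        ServiceAccountCredentials iotOnly = scoped(base, CLOUD_IOT);
        ServiceAccountCredentials both = scoped(base, CLOUD_IOT, CLOUD_PLATFORM);

        for (ServiceAccountCredentials c : Arrays.asList(iotOnly, both)) {
            Collection<String> s = c.getScopes();
            // Flag credentials that carry the platform-wide scope as well.
            System.out.println(s + " -> includes cloud-platform: " + s.contains(CLOUD_PLATFORM));
        }
    }
}
```

Printing `getScopes()` before the credential is handed to an API client is a quick way to confirm which of the two permissions described above the application is actually requesting.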