Scopes not configured for service account.


When applications use service accounts to use Google Cloud APIs, they must define scopes which defines the permissions for the application.

When the scopes are not enabled, Google Cloud API will return an error.

IoT Cloud Tester  application enables both the scopes when using the Google API.

In the below example, the scopes are purposely not enabled to demonstrate the error.

Note the scopes is empty in the above call.

ServiceAccountCredentials{clientId=105494402818601193077, clientEmail=iot-479@second-inquiry-315605.iam.gserviceaccount.com, privateKeyId=e79eb513c3f9cd3d154d409c577b5c15c23e3a41, transportFactoryClassName=com.google.auth.oauth2.OAuth2Utils$DefaultHttpTransportFactory, tokenServerUri=https://oauth2.googleapis.com/token, scopes=[], serviceAccountUser=null, quotaProjectId=null}

To fix the above error, the scopes should be set as follows,

ServiceAccountCredentials{clientId=105494402818601193077, clientEmail=iot-479@second-inquiry-315605.iam.gserviceaccount.com, privateKeyId=e79eb513c3f9cd3d154d409c577b5c15c23e3a41, transportFactoryClassName=com.google.auth.oauth2.OAuth2Utils$DefaultHttpTransportFactory, tokenServerUri=https://oauth2.googleapis.com/token, scopes=[https://www.googleapis.com/auth/cloudiot, https://www.googleapis.com/auth/cloud-platform], serviceAccountUser=null, quotaProjectId=null}