Oauth2 client does NOT work with specified scope

[csethanhcong]

- What you're trying to do

• I completed an Oauth2 flow to get the user's consent and stored the refresh token
• In the flow, I ask for sensitive scope (let's say youtube.channel-owner)
• I made another API call under this refresh token permission and scope but got an error: 'Access forbidden. The request may not be properly authorized.'

- What code you've already tried

// Init auth client snippet
const oauth2Client = new google.auth.OAuth2(
  CLIENT_ID,
  CLIENT_SECRET
);

const _credentials: Credentials = {};
_credentials.refresh_token = refreshToken;
if (!!accessToken) {
  _credentials.access_token = accessToken;
}
  _credentials.scope = 'https://www.googleapis.com/auth/youtube.channel-memberships.creator';
oauth2Client.setCredentials(_credentials);
...
// API call
const resp = await google.youtube('v3').members.list({
    part: ['snippet'],
    filterByMemberChannelId: userChannelId,
    auth: oauth2Client,
  });

- Any error messages you're getting 'Access forbidden. The request may not be properly authorized.'

Could someone please help me with this? Thanks in advance.

[danielbankhead]

@csethanhcong I don’t see youtube.channel-owner as a valid scope: https://developers.google.com/identity/protocols/oauth2/scopes#youtube

To help debug: what happens when you use a different, broader scope, such as https://www.googleapis.com/auth/youtube?

[csethanhcong]

@danielbankhead Thank you for your reply!

Indeed the used scope was https://www.googleapis.com/auth/youtube.channel-memberships.creator, sorry for the wrong wording.

Since the capability of this broader scope is too sensitive to our client's channel for OAuth, I'm sorry to say that we can't debug with this broader scope.

[danielbankhead]

Since the capability of this broader scope is too sensitive to our client's channel for OAuth, I'm sorry to say that we can't debug with this broader scope.

Do you mind creating a small test project in order to verify? I'm unable to reproduce this issue.