Skip to main content
Question

Insufficent scope when trying to make a call using As-User header

  • May 22, 2025
  • 3 replies
  • 13 views
C
Forum|alt.badge.img

When I try to list a folder on behalf of another user I get the error message.

Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."

My scopes: root_readwrite,manage_managed_users,gcm

I test it with an account not connected to the account which have created the application, with a co-admin role. Of course I have as-user option activated on the application. Do I need to add another scope?

 

Alternatively, how to list root folders of all users belonging to an organization?

    3 replies

    C
    Forum|alt.badge.img

    Hello , 

     

    A few possibilities I can think of: 

    • If this is a JWT app, did you reauthorize it in the admin console after enabling the as-user header? 
    • Did you obtain a new token pair after enabling the as-user header? 
    • Are you using a primary admin or co-admin token with high enough privileges to make the call? 
    C
    Forum|alt.badge.img
    • It's not JWT.
    • Yes, many times.
    • I made sure that I use a co-admin account with "Log in to users' accounts" permission.
    C
    Forum|alt.badge.img

    The scope required for As-User calls is `admin_on_behalf_of` 

    Terms of ServiceAccessibility statement