POST requests with --json body return 403 despite valid scopes #188
Description
Bug Description
Any gws command that uses --json to send a POST request body returns a 403 insufficientPermissions error, even when the required scopes are correctly granted and verified via gws auth status.
GET requests work correctly with the same token.
Steps to Reproduce
# Auth with gmail.compose, gmail.modify, presentations scopes
gws auth login
# This works fine (GET)
gws gmail users getProfile --params '{"userId": "me"}'
# This fails with 403 (POST with body)
RAW=$(echo -e "To: test@test.com\r\nSubject: Hello World\r\nContent-Type: text/plain\r\n\r\ntest" | base64 | tr '+/' '-_' | tr -d '=\n')
gws gmail users drafts create --params '{"userId": "me"}' --json "{\"message\": {\"raw\": \"$RAW\"}}"
# This also fails with 403 (POST with body)
gws slides presentations batchUpdate \
--params '{"presentationId": "PRESENTATION_ID"}' \
--json '{"requests": [{"createSlide": {"insertionIndex": 0, "slideLayoutReference": {"predefinedLayout": "BLANK"}}}]}'Expected Behavior
Draft should be created / slide should be updated.
Actual Behavior
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"reason": "insufficientPermissions"
}
}Scope
This appears to affect all POST requests that include a --json body. GET requests are unaffected. Related to #182 which covers body-less POSTs returning 411 — together these suggest the HTTP request construction for POST methods is broken in two distinct ways.
Environment
- gws version: 0.4.4
- OS: macOS (Darwin 25.3.0)
- Auth method: OAuth2