oauth 2.0 - Google API HTTP 401 - Token invalid - AuthSub token has wrong scope -

i'm struggling google api few days while sending post request google sites api via c# application.

first redeem authorization code google's servers request:

    https://accounts.google.com/o/oauth2/auth?     scope=email%20profile& state=security_token%3d138r5719ru3e1%26url%3dhttps://oa2cb.mydomain/myhome&     redirect_uri=http://localhost&     response_type=code&     client_id= // client id here...     access_type=online&     approval_prompt=auto 

in redirect uri got authorization code use claim access token:

string requesturl;              requesturl = "https://www.googleapis.com/oauth2/v3/token";             webrequest request = webrequest.create(requesturl);             request.method = "post";              // create post data , convert byte array.             string postdata = "code=4/apjahlvlglxw1fjkdcopeqjfovtndzyq7fzvrziuero#&" +                 "client_id=//cilent id here&" +                 "client_secret=client secret here&" +                 "redirect_uri=http://localhost&" +                 "grant_type=authorization_code";             byte[] bytearray = encoding.utf8.getbytes(postdata);             request.contenttype = "application/x-www-form-urlencoded";             request.contentlength = bytearray.length;             stream datastream = request.getrequeststream();             datastream.write(bytearray, 0, bytearray.length);             datastream.close();             webresponse response = request.getresponse();             console.writeline(((httpwebresponse)response).statusdescription);             datastream = response.getresponsestream();             streamreader reader = new streamreader(datastream);             string responsefromserver = reader.readtoend();             console.writeline(responsefromserver);             reader.close();             datastream.close();             response.close(); 

the response containing token looks that:

{  "access_token": "ya29.pagx8f4e0zybazzq5rxwvs6ll1jryj0_gcog5ueo3figt2h4cj10jee4ziaoa09vhrovejn5p7iw",  "token_type": "bearer",  "expires_in": 3600,  "id_token": "eyjhbgcioijsuzi1niisimtpzci6ije2nwq2mzcwztgzoti5yme4y2e4zwu5otmzztexzjg2yzg4yzawnjuifq.eyjpc3mioijhy2nvdw50cy5nb29nbguuy29tiiwic3viijoimta1otc0njqwmtuznzu0nju1mde5iiwiyxpwijoiotkwmzuxmja1mzy4lxbudgyxzxntaxq3a3zlbmg5cnrvbw5pmmdhmmy0n2zslmfwchmuz29vz2xldxnlcmnvbnrlbnquy29tiiwizw1hawwioijuaxiuazfaagfpzmfuzxqub3jnlmlsiiwiyxrfagfzaci6imc5mu5wovrys2juavezcfptm2ewa1eilcjlbwfpbf92zxjpzmllzci6dhj1zswiyxvkijoiotkwmzuxmja1mzy4lxbudgyxzxntaxq3a3zlbmg5cnrvbw5pmmdhmmy0n2zslmfwchmuz29vz2xldxnlcmnvbnrlbnquy29tiiwiagqioijoywlmyw5ldc5vcmcuawwilcjpyxqioje0mzu4mji2odasimv4cci6mtqzntgynji4mh0.ceaq8s3gg-yeawqju1ixdb7ro2svkp2qdvtxnwl6196ojequ1lflpz9ftrpnegsdkhxro5zx0lde52ryw8twmkiluqqchloewvjqmjz6tipzt-b-qeuta6op4z9herwkmk2sofl88g-xz6jkc7gk1ggpvcatbu7x0-qprhqxmduzp7zceveootbd8g7livhakk9sa5rnongt-n6svzecqhslss7kduxc4dstnenhyv_9otipvvsqple-cjz7fdhc7mkw7bfwsgkbe8xbrubz5-o3ag5rvgyutyqdaoq9qr3_nqckirisus127scaywcype22q8l_2anpfju0vuxo6g" } 

and final step call google api using access_token way:

 httpwebrequest req = (httpwebrequest)system.net.webrequest.create("https://sites.google.com/feeds/site/mydomain");         req.contenttype = "application/atom+xml";         req.host = "sites.google.com";         req.method = "post";         req.headers["gdata-version"] = "1.4";         req.headers["authorization"] = "bearer ya29.pagx8f4e0zybazzq5rxwvs6ll1jryj0_gcog5ueo3figt2h4cj10jee4ziaoa09vhrovejn5p7iw";          byte[] bytes = system.text.encoding.ascii.getbytes("<entry xmlns='http://www.w3.org/2005/atom' xmlns:sites='http://schemas.google.com/sites/2008'><title>source site</title><summary>a new site hold memories</summary><sites:theme>slate</sites:theme></entry>");         req.contentlength = bytes.length;          using (stream os = req.getrequeststream())         {             os.write(bytes, 0, bytes.length);         }          try         {             using (system.net.webresponse resp = req.getresponse())             {                  using (system.io.streamreader sr = new system.io.streamreader(resp.getresponsestream()))                 {                     string = sr.readtoend().trim();                 }             }         }         catch (webexception ex)         {             using (var stream = ex.response.getresponsestream())             using (var reader = new streamreader(stream))             {                 console.writeline(reader.readtoend());             }         } 

but @ end of step 401 http error.

token invalid - authsub token has wrong scope 

what doing wrong? in advance

you authenticating users using following scopes

scope=email%20profile&

the sites data api uses following scope: https://sites.google.com/feeds/.