Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to Get or Refresh access token from Google Credentials instance in java sdk #2311

Closed
nithinks21 opened this issue Nov 22, 2023 · 1 comment
Closed

Unable to Get or Refresh access token from Google Credentials instance in java sdk #2311

nithinks21 opened this issue Nov 22, 2023 · 1 comment
Labels
api: storage Issues related to the googleapis/java-storage API. type: question Request for information or clarification. Not an issue.

Comments

@nithinks21
Copy link

nithinks21 commented Nov 22, 2023
edited

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

Hi There,

I am trying to getAccess Token from the GoogleCredentials object instance from java SDK. But getAccessToken() API returns null.
Also, the refreshIfExpired() API throws an exception. I have detailed it below.

I need access token to make an HTTP Request to initiate resumable and multipart uploads.
Reason to opt to ReST HTTP requests from java sdk is because of the following open issue with java sdk.

#2310 : Unable to initiate resumable uploads from java sdk: Cloud storage v2 API.

Here's the code:

`

   public static void main(String[] args) throws Exception {
    Map<String, String> m = new java.util.HashMap<>();
    m.put("type", "service_account");
    m.put("project_id", "**-development-******");
    m.put("private_key_id", "**********************************");
    m.put("private_key", "-----BEGIN PRIVATE KEY-----\n****************************\n-----END PRIVATE KEY-----\n");
    m.put("client_email", "*******@**-development-******.iam.gserviceaccount.com");
    m.put("client_id", "************************");
    m.put("auth_uri", "https://accounts.google.com/o/oauth2/auth");
    m.put("token_uri", "https://oauth2.googleapis.com/token");
    m.put("auth_provider_x509_cert_url", "https://www.googleapis.com/oauth2/v1/certs");
    m.put("client_x509_cert_url", "https://www.googleapis.com/robot/v1/metadata/x509/*******%40**-development-********.iam.gserviceaccount.com");
    m.put("universe_domain", "googleapis.com");

    byte[] configBytes = JsonUtils.toBytes(m);

    InputStream is = new ByteArrayInputStream(configBytes);
    GoogleCredentials credentials = GoogleCredentials.fromStream(is);
    credentials.getAccessToken();
    System.out.println("credentials.getAccessToken(): " + credentials.getAccessToken());
    credentials.refreshIfExpired();

}`

Output:

`

credentials.getAccessToken(): null
Exception in thread "main" com.google.auth.oauth2.GoogleAuthException: Error getting access token for service account: 400 Bad Request
POST https://oauth2.googleapis.com/token
{"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}, iss: xxx@xx-development-xxxxxx.iam.gserviceaccount.com
at com.google.auth.oauth2.GoogleAuthException.createWithTokenEndpointResponseException(GoogleAuthException.java:129)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:541)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:269)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:266)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at com.google.auth.oauth2.OAuth2Credentials$RefreshTask.run(OAuth2Credentials.java:633)
at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
at com.google.auth.oauth2.OAuth2Credentials$AsyncRefreshResult.executeIfNew(OAuth2Credentials.java:581)
at com.google.auth.oauth2.OAuth2Credentials.asyncFetch(OAuth2Credentials.java:232)
at com.google.auth.oauth2.OAuth2Credentials.refreshIfExpired(OAuth2Credentials.java:203)
at aone.libs.vault.GcsTest.main(GcsTest.java:54)
Caused by: com.google.api.client.http.HttpResponseException: 400 Bad Request
POST https://oauth2.googleapis.com/token
{"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}
at com.google.api.client.http.HttpResponseException$Builder.build(HttpResponseException.java:293)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1118)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:538)
... 9 more

Caused by: com.google.api.client.http.HttpResponseException: 400 Bad Request

`

Appreciate any inputs, to help me proceed further.

Thanks in Advance,
Nithin
@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/java-storage API. label Nov 22, 2023
@BrennaEpp
Copy link

Hi Nithin, it looks like you may need to add a line right after creating the credentials from stream: credentials.refreshIfExpired(); See credential loading instructions here: https://github.com/googleapis/google-auth-library-java/tree/main

If you are still experiencing this issue after trying the above, I'd recommend opening an issue in the Java oauth2 library.

@frankyn frankyn added the type: question Request for information or clarification. Not an issue. label Feb 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api: storage Issues related to the googleapis/java-storage API. type: question Request for information or clarification. Not an issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@frankyn @BrennaEpp @nithinks21