Unable to Get or Refresh access token from Google Credentials instance in java sdk
nithinks21 opened this issue · 1 comments
PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.
Hi There,
I am trying to getAccess Token from the GoogleCredentials object instance from java SDK. But getAccessToken() API returns null.
Also, the refreshIfExpired() API throws an exception. I have detailed it below.
I need access token to make an HTTP Request to initiate resumable and multipart uploads.
Reason to opt to ReST HTTP requests from java sdk is because of the following open issue with java sdk.
#2310 : Unable to initiate resumable uploads from java sdk: Cloud storage v2 API.
Here's the code:
`
public static void main(String[] args) throws Exception {
Map<String, String> m = new java.util.HashMap<>();
m.put("type", "service_account");
m.put("project_id", "**-development-******");
m.put("private_key_id", "**********************************");
m.put("private_key", "-----BEGIN PRIVATE KEY-----\n****************************\n-----END PRIVATE KEY-----\n");
m.put("client_email", "*******@**-development-******.iam.gserviceaccount.com");
m.put("client_id", "************************");
m.put("auth_uri", "https://accounts.google.com/o/oauth2/auth");
m.put("token_uri", "https://oauth2.googleapis.com/token");
m.put("auth_provider_x509_cert_url", "https://www.googleapis.com/oauth2/v1/certs");
m.put("client_x509_cert_url", "https://www.googleapis.com/robot/v1/metadata/x509/*******%40**-development-********.iam.gserviceaccount.com");
m.put("universe_domain", "googleapis.com");
byte[] configBytes = JsonUtils.toBytes(m);
InputStream is = new ByteArrayInputStream(configBytes);
GoogleCredentials credentials = GoogleCredentials.fromStream(is);
credentials.getAccessToken();
System.out.println("credentials.getAccessToken(): " + credentials.getAccessToken());
credentials.refreshIfExpired();
}`
Output:
`
credentials.getAccessToken(): null
Exception in thread "main" com.google.auth.oauth2.GoogleAuthException: Error getting access token for service account: 400 Bad Request
POST https://oauth2.googleapis.com/token
{"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}, iss: xxx@xx-development-xxxxxx.iam.gserviceaccount.com
at com.google.auth.oauth2.GoogleAuthException.createWithTokenEndpointResponseException(GoogleAuthException.java:129)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:541)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:269)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:266)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at com.google.auth.oauth2.OAuth2Credentials$RefreshTask.run(OAuth2Credentials.java:633)
at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
at com.google.auth.oauth2.OAuth2Credentials$AsyncRefreshResult.executeIfNew(OAuth2Credentials.java:581)
at com.google.auth.oauth2.OAuth2Credentials.asyncFetch(OAuth2Credentials.java:232)
at com.google.auth.oauth2.OAuth2Credentials.refreshIfExpired(OAuth2Credentials.java:203)
at aone.libs.vault.GcsTest.main(GcsTest.java:54)
Caused by: com.google.api.client.http.HttpResponseException: 400 Bad Request
POST https://oauth2.googleapis.com/token
{"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}
at com.google.api.client.http.HttpResponseException$Builder.build(HttpResponseException.java:293)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1118)
at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:538)
... 9 more
Caused by: com.google.api.client.http.HttpResponseException: 400 Bad Request
`
Appreciate any inputs, to help me proceed further.
Thanks in Advance,
Nithin
Hi Nithin, it looks like you may need to add a line right after creating the credentials from stream: credentials.refreshIfExpired(); See credential loading instructions here: https://github.com/googleapis/google-auth-library-java/tree/main
If you are still experiencing this issue after trying the above, I'd recommend opening an issue in the Java oauth2 library.