Getting 401 unauthorized client when trying to impersonate with service account

Question

Getting 401 unauthorized client when trying to impersonate with service account

tonyzeng91 opened this issue 2 years ago · 0 comments

Hi - I am getting the follow error when trying to impersonate a service account.

{:error, %RuntimeError{message: "unexpected status 401 from Google\n\n{\n  \"error\": \"unauthorized_client\",\n  \"error_description\": \"Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.\"\n}\n"}}

# steps to impersonate
credentials = "credentials.json" |> File.read!() |> Jason.decode!()
claims = %{"sub" => "<IMPERSONATED_ACCOUNT_EMAIL>", "scope" => "https://www.googleapis.com/auth/cloud-platform"}
Goth.Token.fetch(source: {:service_account, credentials, [claims: claims]})

I am able to impersonate with a similar library in Python. Any idea why I am getting this error using the Goth lib?