r-dbi/bigrquery

ADC authentication Forbidden (HTTP 403)

damnflow opened this issue · 1 comments

There is an issue where ADC authentication is not possible through the R library. Forbidden (HTTP 403)...

I need to check the address to which the authentication request is sent.
Can I check which domains I need to add to the UTM list?


[ UTM List ]
*.googleapis.com
*.appspot.com
*.cloudfunctions.net
*.cloudproxy.app
*.cloud.google.com
*.googleusercontent.com
*.gcr.io
*.googleadapis.com
*.pkg.dev
*.run.app
*.pki.goog
*.gstatic.com
*.ltsapis.goog
*.google.com
*.github.io
*.debian.org
*.ubuntu.com
*.docker.com
*.whatap.io
*.googlecloud.com
*.github.com
*.postgresql.org
*.fastlydns.net
files.pythonhosted.org
pypi.org
pypi.python.org
cran.r-project.org
*.amazonaws.com
charts.helm.sh
charts.jenkins.io
helm.gethue.com
launchpadcontent.net
ppa.launchpadcontent.net
*.anaconda.com
*.anaconda.org
bastion-sp-apnortheast2.prod.spddevops.com

The difference between the call to credentials_app_default() that happens within bq_auth() vs. the plain credentials_app_default() you are making is the scopes.

Here's the signature for bq_auth():

bq_auth <- function(email = gargle::gargle_oauth_email(),
                    path = NULL,
                    scopes = c(
                      "https://www.googleapis.com/auth/bigquery",
                      "https://www.googleapis.com/auth/cloud-platform"
                    ),
                    cache = gargle::gargle_oauth_cache(),
                    use_oob = gargle::gargle_oob_default(),
                    token = NULL) { ... }

So I suspect this user token being picked up by ADC doesn't have the right scopes.
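
To test the scope hypothesis from the reply above, this added example (not part of the thread, and not bigrquery or gargle code) requests ADC with the default scopes of bq_auth() and lists any the token was not granted. The helper names parse_scopes, missing_scopes and check_adc_scopes are hypothetical, and the sample scope string is constructed.

```r
library(gargle)

# Scopes bq_auth() requests by default (taken from the signature above).
bq_scopes <- c(
  "https://www.googleapis.com/auth/bigquery",
  "https://www.googleapis.com/auth/cloud-platform"
)

# The tokeninfo endpoint reports granted scopes as one space-delimited string.
parse_scopes <- function(scope_string) {
  scopes <- strsplit(trimws(scope_string), "[[:space:]]+")[[1]]
  scopes[nzchar(scopes)]
}

# Requested scopes that are absent from the granted set.
missing_scopes <- function(granted, required = bq_scopes) {
  setdiff(required, granted)
}

# Constructed sample of a tokeninfo `scope` field (not real output):
# a user token that carries only identity scopes.
sample_scope <- "openid https://www.googleapis.com/auth/userinfo.email"
print(missing_scopes(parse_scopes(sample_scope)))

# Live check: needs network access and ADC configured on this machine.
check_adc_scopes <- function(required = bq_scopes) {
  # Same credential function bq_auth() uses, with the same scopes.
  token <- credentials_app_default(scopes = required)
  if (is.null(token)) {
    stop("ADC did not yield a token for the requested scopes.")
  }
  # Ask Google which scopes the access token actually carries.
  info <- token_tokeninfo(token)
  granted <- parse_scopes(info$scope)
  list(token = token, granted = granted,
       missing = missing_scopes(granted, required))
}

# Assumed usage once ADC is set up:
# res <- check_adc_scopes()
# if (length(res$missing) == 0) bigrquery::bq_auth(token = res$token)
```

A non-empty `missing` result points at the credential's scopes rather than at the firewall allowlist.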