Open LuyuanLi97 opened 2 years ago
Hi there, please refer to https://github.com/google/oauth2l#jwt and https://developers.google.com/identity/protocols/oauth2/service-account#error-codes to help troubleshoot. A couple of observations and things to try based on your comment:
Hi! I genarated a JWT code with:
oauth2l fetch --type jwt --credentials my-service-account-file.json --scope firebase.messaging
Then request access_token with CURL like this:curl -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=<JWT_CODE> ' https://oauth2.googleapis.com/token
but got 400 Bad Request:Invalid JWT: Failed audience check.
And with the JWT code genarated from
oauth2l fetch --type jwt --credentials ./my-service-account-file.json --audience https://oauth2.googleapis.com/token
, I got the 400 Bad Request error"error": "invalid_scope", "error_description": "Invalid OAuth scope or ID token audience provided."
Are there any arguments that I missed?