google / oauth2l

oauth2l ("oauth tool") is a simple CLI for interacting with Google API authentication.
Apache License 2.0
652 stars 81 forks source link

parse error: asn1: syntax error: sequence truncated #140

Open gu1113 opened 2 years ago

gu1113 commented 2 years ago

Hello im trying to fetch a google api token for the postmaster tools but i have some errors using the script;

using it directly with the credentials.json download from the google console i have received;

$ ./oauth2l fetch --credentials credentials.json --scope postmaster.readonly missing 'type' field in credentials $

Adding "type":"service_account","web" to the json file the error have changed for the following;

$ ./oauth2l fetch --credentials credentials.json --scope postmaster.readonly private key should be a PEM or plain PKCS1 or PKCS8; parse error: asn1: syntax error: sequence truncated $

Whats about is the last one related ?,

Thanks

andyrzhao commented 2 years ago

Hi there, it sounds like you have a malformed credentials.json and possibly mixing and matching client id credentials with service account credentials. Also, you should never have to hand-edit fields in the credentials. Can you tell me what the original credentials.json looked like (i.e. all the fields it had). Don't share the values. Thanks!

gu1113 commented 2 years ago

Hello andy , thanks for your reply!

here you are my downloaded untouched json credential file;

$ cat client_secret_588412352642-jv7lchcip7oq13b58udqvXXXXXXXXXXXXX.apps.googleusercontent.com.json | json_pp { "web" : { "client_secret" : "GOCSPX-7umgRkXwWha358sP5XXXXXXXXXX", "client_id" : "588412352642-jv7lchcip7oq13b58udqXXXXXXXXXXXX.apps.googleusercontent.com", "token_uri" : "https://oauth2.googleapis.com/token", "auth_uri" : "https://accounts.google.com/o/oauth2/auth", "auth_provider_x509_cert_url" : "https://www.googleapis.com/oauth2/v1/certs", "project_id" : "annular-text-341115" } } $

$ ./oauth2l fetch --credentials client_secret_588412352642-jv7lchcip7oq13b58udqvXXXXXXXXXXXXX.apps.googleusercontent.com.json --scope postmaster.readonly missing 'type' field in credentials $

andyrzhao commented 2 years ago

Hi there, so it looks like you are trying to work with a client id credentials file - what is strange is that oauth2l doesn't recognize it, possibly because your credentials file does not have "redirect_uris" field which is needed for the 3LO flow. Can you try creating a new credentials file and selecting "Desktop" instead of "web" for generating the credentials file? We will try to repro your issue on our end in the meantime.

gu1113 commented 2 years ago

Thanks again for you reply andy.

I created a new credentials pair using desktop as app type, and seems it advanced properly, i received;

$./oauth2l fetch --credentials credentials.json --scope=postmaster.readonly Your browser could not be opened to visit:

https://accounts.google.com/o/oauth2/auth?client_id=588412352642-jpnutc2stgcd73adrjd1XXXXXXXqppop.apps.googleusercontent.com&code_challenge=CwYKVVRSCyEqBV5ibhTR2yk2tVuQlS7XXrXXXXXXXXX&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A45495&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fpostmaster.readonly&state=state $

Now i have to figure out whats its the browser message related, and get my auth token. :-)

ulisesL commented 2 years ago

Hi gu1113, going back to the "redirect_uris" missing in the credentials file, did you provide values for "Authorized Javascript origins" and "Authorized redirect URIs" when creating the web client in GCP? Thanks!

gu1113 commented 2 years ago

Hi @ulisesL , thanks for you reply!, i did not complete those files because im trying to get the auth token to use the google postmaster api not sure which fields i should use.

ulisesL commented 2 years ago

No problem! When creating "web" client credentials, please provide the "Authorized Javascript origins" and "Authorized redirect URIs" fields in the GCP UI. "Authorized redirect URIs" is needed for the 3LO flow as @andyrzhao pointed out. Missing this field will result in the error described in your 1st post.

ulisesL commented 2 years ago

Hi @gu1113, Re: Your browser could not be opened to visit:, would you mind sharing what OS and default browser you are using?