yash30201
commented
6 months ago Hi @wenshan, thanks for raising this issue. The "Failed to connect" error (code 28) usually indicates a network-level problem rather than an issue with the code (and thus this library) itself. I've tried reproducing it with curl as well as using PHP curl and didn't face any issue.
Code
```php getenv('SERVICE_ACCOUNT_EMAIL'), "scope" => "https://www.googleapis.com/auth/devstorage.read_only", "aud" => "https://oauth2.googleapis.com/token", "exp" => time() + 3600, "iat" => time() ]; $key = json_decode(file_get_contents(getenv('GOOGLE_APPLICATION_CREDENTIALS')), true); return JWT::encode( $jwtClaims, $key['private_key'], 'RS256' ); } function sendCurlRequest($key) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://oauth2.googleapis.com/token'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Content-Type: application/x-www-form-urlencoded', ]); curl_setopt( $ch, CURLOPT_POSTFIELDS, 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=' . $key ); $response = curl_exec($ch); $response = json_decode($response, true); echo "Access token => " . $response['access_token'] . PHP_EOL; curl_close($ch); } ```You can try adding -v flag to you curl command to get more verbose output and get some clue as to why it's happening on your system. It's very helpful that you've confirmed it works with Postman. This reinforces the idea that the issue likely lies in the network configuration on the machine where cURL is running.
As there isn't anything actionable in this library, hence closing this issue.
I can only write here, and other places will fall into disarray.
background:
I used the service account to obtain the JWT assertion, and then I tried to send a request to the https://oauth2.googleapis.com/token interface to obtain the access_token on the node side and curl, but both errors were reported.
error information:
curl: (28) Failed to connect to oauth2.googleapis.com port 443 after 227030 ms: Couldn't connect to server
Phenomenon:
1.postman:
code: curl --location --request POST 'https://oauth2.googleapis.com/token?grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJlZDVhNDMwNGIwOWI4OGI2OGM3NzE1ZTJhZjI0ZWQxNmM1ZDUyNjQifQ.eyJpc3MiOiJzaG9wcGluZ0BhZmZpbGlhdGV0cmFmZmljLTQxNzIxMS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InNob3BwaW5nQGFmZmlsaWF0ZXRyYWZmaWMtNDE3MjExLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL3VzZXJpbmZvLnByb2ZpbGUgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC91c2VyaW5mby5lbWFpbCBvcGVuaWQgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9jb250ZW50IiwiYXVkIjoiaHR0cHM6Ly9vYXV0aDIuZ29vZ2xlYXBpcy5jb20vdG9rZW4iLCJpYXQiOjE3MTA0Njk2NTgsImV4cCI6MTcxMDQ3MzI1OH0.dt3RADvQhUaUohELWNaGe1PfxcOXmSmj4KfkXe7vf-ZAdAoek5Z-A9R1rOdZGt-2MWBKL-DALMMVwJq7nE5JvPQUf2j4mQ34nBVGbDCLJKRpisbV9QdFgghXqyHS8Yvdq4FNn4pHllbFsK082nW0G2-IQ3S_JEUR6iqxcAfZhsMpgv3cV9OstwgDxPxsn-gZeX86dKPLRFXqu92q-r8S9N2jJ4D4GQeZd5dz7xT4H1cjjpSps1m7gqKFui06FXrDx9-lieEJB1xNJZ8t5xJA1kqOvb5T7F_mVTvNo_ehKv7-7vSIXJiDEEK0GuXsD2H8o1wTZ3KBbyeNkYDZZcnxPQ' \ --header 'content-type: application/x-www-form-urlencoded' \ --data ''
postman returns data:
{ "access_token": "ya29.c.c0AY_VpZgiLzFRUwaZIq8IgvaBRwcalgPvRk9_0ldsfLc46bIAxKTXWrUoRiEc2qaadiiN-FWgVTo5_BFOMJjwnQr2oWjz_v1wo9RbAzdTykpqZdfawmzMt9Zin1Kyvt_lWFNwd9KuVWNkIDcgcWNR3x1ZzQ4OecqHI1dVDZBXCwswbbw7sCKoa2uC_7Iaud3Adgyvu_dh0mcIgx80fqTQ-wcdSZ0tk98Db_j_BUNA8ULsBIhck4mkdn8eJVB7WWD5kwBfmZQRsjX9jn2KukZv0TWDwMyvsrmVMK1BF2XLwC4q6Xd2pGZ4TVuP1uaYIZ0iAioNvzi1mL-uPltlWqGW0Paa41hRT6yhTs_AkcwQyud1DeOPLiz-aqaFyLai-wG391CjezI1ivvdIegmqQvh1iv2eSgR9fJezZhpwvWnXcmIQJ402b0sMIaWqZid9ZpBdRrxhtBwoM9-5-56x2x46ze4is14J7syIWfnmWfp5151Y50O-ZW449y7l8ipyonuqRh96MOIX9VroF-x5llid2V1-MFrZW6Md2IXUl-rV-5FRBmuj891rsg5a71U-kq3pQ9BZSXMrb41p_k8iU7mUymx1k07-eOpQdc8dbg2Jw5jtWFor_irtjBmmswM477W5jIb1dRxgRhZ7eS_JfJaorUs_B7ZF5oI4mc8nixulMcSQBlBb0Xmoaxz_xt2eV_u2WqlVjXR1bbQ33ecBIc2rkrS4462epe8btxnYIcV7JjYZX0kor2nfZ59sgUXRuqMqm15OIl2qkOundUmUqOeQai-djt_SWlwUVMmswolkxIOojyxRelRyuOySBJ9B3hi5_QQVowiV71-4fXdxSmpeJrXcJmZkRjsbomcdkyRy1Sqep_a7Vm4lv-Qxx0p995Jw0lz0hs-2tqbxZcMXUwgJfp7fmUWX-hc7tUsr6Y3bxXQrII4J0ksqsOV0e4_QdmZoBYgeQ6MRft7jXi6m3F0MBXbbS_4Qhaw7rhWWwmjYbqpn-6XphyfQnh", "expires_in": 3599, "token_type": "Bearer" }
I deduced that it is possible to send requests on the postman and browser side, but not on curl and node http, as follows:
2.curl & node:
code (same code as postman): curl --location --request POST 'https://oauth2.googleapis.com/token?grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJlZDVhNDMwNGIwOWI4OGI2OGM3NzE1ZTJhZjI0ZWQxNmM1ZDUyNjQifQ.eyJpc3MiOiJzaG9wcGluZ0BhZmZpbGlhdGV0cmFmZmljLTQxNzIxMS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InNob3BwaW5nQGFmZmlsaWF0ZXRyYWZmaWMtNDE3MjExLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL3VzZXJpbmZvLnByb2ZpbGUgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC91c2VyaW5mby5lbWFpbCBvcGVuaWQgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9jb250ZW50IiwiYXVkIjoiaHR0cHM6Ly9vYXV0aDIuZ29vZ2xlYXBpcy5jb20vdG9rZW4iLCJpYXQiOjE3MTA0Njk2NTgsImV4cCI6MTcxMDQ3MzI1OH0.dt3RADvQhUaUohELWNaGe1PfxcOXmSmj4KfkXe7vf-ZAdAoek5Z-A9R1rOdZGt-2MWBKL-DALMMVwJq7nE5JvPQUf2j4mQ34nBVGbDCLJKRpisbV9QdFgghXqyHS8Yvdq4FNn4pHllbFsK082nW0G2-IQ3S_JEUR6iqxcAfZhsMpgv3cV9OstwgDxPxsn-gZeX86dKPLRFXqu92q-r8S9N2jJ4D4GQeZd5dz7xT4H1cjjpSps1m7gqKFui06FXrDx9-lieEJB1xNJZ8t5xJA1kqOvb5T7F_mVTvNo_ehKv7-7vSIXJiDEEK0GuXsD2H8o1wTZ3KBbyeNkYDZZcnxPQ' \ --header 'content-type: application/x-www-form-urlencoded' \ --data ''
error message:
curl: (28) Failed to connect to oauth2.googleapis.com port 443 after 227030 ms: Couldn't connect to server
Appeal:
curl & node http can normally request the https://oauth2.googleapis.com/token interface and return reasonable data.
I saw that the same problem occurred https://developers.google.com/identity/protocols/oauth2/service-account?authuser=1&hl=zh-cn#httprest. I think this is easy to reproduce. Brother, you can try it. This problem also exists in the official documents.