search

googleworkspace / apps-script-oauth2

An OAuth2 library for Google Apps Script.
https://developers.google.com/apps-script/
Apache License 2.0
1.56k stars 429 forks source link

unsupported_grant_type - Error #311

Closed sankarcn closed 3 years ago

sankarcn commented 3 years ago

There might me some issue in my scopes etc, but I am facing the below issue.

I am using a Service Account to get the access token for Bigquery API call. I am getting "Error: Access not granted or expired." Error. I debugged the Oauth2.gs code and found that a urlfetch is giving a 400 error from the function while it works good in postman. https://accounts.google.com/o/oauth2/token {"method":"post","headers":{"Accept":"application/json"},"payload":{"assertion":"XXXX","grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer"},"muteHttpExceptions":true} Gives a 400 return code With the response: { "error": "unsupported_grant_type", "error_description": "Invalid grant_type: " } While in POSTMAN it gives me a proper response. { "access_token": "XXXX", "expires_in": 3599, "token_type": "Bearer" }

erickoledadevrel commented 3 years ago

What does your code look like? Is it the same as the Service Account sample: https://github.com/googleworkspace/apps-script-oauth2/blob/eebdf7884b019dac5160f6554059bf9537fda1cd/samples/GoogleServiceAccount.gs ?

On Tue, Jun 29, 2021, 12:56 PM sankarcn @.***> wrote:

There might me some issue in my scopes etc, but I am facing the below issue.

I am using a Service Account to get the access token for Bigquery API call. I am getting "Error: Access not granted or expired." Error. I debugged the Oauth2.gs code and found that a urlfetch is giving a 400 error from the function while it works good in postman. https://accounts.google.com/o/oauth2/token

{"method":"post","headers":{"Accept":"application/json"},"payload":{"assertion":"XXXX","grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer"},"muteHttpExceptions":true} Gives a 400 return code With the response: { "error": "unsupported_grant_type", "error_description": "Invalid grant_type: " } While in POSTMAN it gives me a proper response. { "access_token": "XXXX", "expires_in": 3599, "token_type": "Bearer" }

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/googleworkspace/apps-script-oauth2/issues/311, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHSBGDVH7CLJLZGHU3YFMTTVH3M7ANCNFSM47QUG66A .

sankarcn commented 3 years ago

What does your code look like? Is it the same as the Service Account sample: https://github.com/googleworkspace/apps-script-oauth2/blob/eebdf7884b019dac5160f6554059bf9537fda1cd/samples/GoogleServiceAccount.gs ? On Tue, Jun 29, 2021, 12:56 PM sankarcn @.***> wrote: There might me some issue in my scopes etc, but I am facing the below issue. I am using a Service Account to get the access token for Bigquery API call. I am getting "Error: Access not granted or expired." Error. I debugged the Oauth2.gs code and found that a urlfetch is giving a 400 error from the function while it works good in postman. https://accounts.google.com/o/oauth2/token {"method":"post","headers":{"Accept":"application/json"},"payload":{"assertion":"XXXX","grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer"},"muteHttpExceptions":true} Gives a 400 return code With the response: { "error": "unsupported_grant_type", "error_description": "Invalid grant_type: " } While in POSTMAN it gives me a proper response. { "access_token": "XXXX", "expires_in": 3599, "token_type": "Bearer" } — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#311>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHSBGDVH7CLJLZGHU3YFMTTVH3M7ANCNFSM47QUG66A .

Here is how it is. Very simiar. `function GetBigQueryAuthorizationHeader() { var Service = getOAuthService(); Service.reset(); var AuthorizationHeader = "Bearer " + Service.getAccessToken(); if (!Service.hasAccess()) { var CurrentTime = new Date(); console.log("Error access issue in BigQuery (GetBigQueryAuthorizationHeader):" + " occured at:" + CurrentTime) DataStudioApp.createCommunityConnector().newUserError() .setDebugText("Error in BigQuery Access" + " occured at:" + CurrentTime) .setText("Error in BigQuery Access" + " occured at:" + CurrentTime) . throwException();
} return AuthorizationHeader; }

function getOAuthService(user) { return OAuth2.createService("Service Account") .setTokenUrl('https://accounts.google.com/o/oauth2/token') .setPrivateKey(BIG_QUERY_CRED.private_key) .setIssuer(BIG_QUERY_CRED.client_email) .setSubject(BIG_QUERY_CRED.user_email) .setPropertyStore(PropertiesService.getScriptProperties()) .setCache(CacheService.getScriptCache()) .setScope('https://www.googleapis.com/auth/bigquery'); }

function reset() { var Service = getOAuthService(); Service.reset();

} `

sankarcn commented 3 years ago

It was working for many days and suddenly stopped working from yesterday

sankarcn commented 3 years ago

I added "https://accounts.google.com/" go the UrlFetchWhitelist in manifest and it is working now. Not sure how it was working before and failed suddenly. This is in google datastudio connector.