ip2k / google-api-ruby-client

Automatically exported from code.google.com/p/google-api-ruby-client
Apache License 2.0

invalid_grant using Service Account #63

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Using version 0.4.6 on Ubuntu

I cannot get the Service Account authorization to work for the prediction API.  
Possible bug? Any way to troubleshoot?

Trying to use Service Account auth as described here:
https://code.google.com/p/google-api-ruby-client/wiki/ServiceAccounts

in order to use the Prediction API.

I created a Service Account Client ID and downloaded the .p12 private key file.  
When I do the asserter.authorize I get:

Authorization failed.  Server message:
{
  "error" : "invalid_grant"
}

Any idea what could be wrong and/or how to troubleshoot?

My code looks like this:

    @client = Google::APIClient.new
    key = Google::APIClient::PKCS12.load_key("#{RAILS_ROOT}/whatever-privatekey.p12", '<the_passphrase>')

    asserter = Google::APIClient::JWTAsserter.new(
        '<my_client_id>',
        'https://www.googleapis.com/auth/prediction',
        key)

    @client.authorization = asserter.authorize()

Original issue reported on code.google.com by m...@9summer.com on 25 Sep 2012 at 12:55

GoogleCodeExporter commented 9 years ago
BTW - from what I've read elsewhere I should be passing in the email address 
instead of the client id.

I've tried replacing <my_client_id> with <my_service_account_email_address> and 
I still get the same error.

Original comment by m...@9summer.com on 26 Sep 2012 at 5:49

GoogleCodeExporter commented 9 years ago
Just tried with 0.4.6 and it still works. One issue I did run into is that service 
accounts seem very sensitive to clock skew. The default expiry in 
service_account.rb is one minute, so if your clock isn't right, that could be 
the issue. Make sure your clock is synced or try increasing the expiry with:

    asserter.expiry = num_seconds

Try that and let me know how it goes.

Original comment by sba...@google.com on 26 Sep 2012 at 6:46

GoogleCodeExporter commented 9 years ago
Thanks for testing it out.  My clock is in sync and I tried bumping the expiry 
way up for the fun of it.  Still getting the same error.

Any other things to try? I'm not sure how to troubleshoot further at this 
point.

Original comment by m...@9summer.com on 26 Sep 2012 at 6:54

GoogleCodeExporter commented 9 years ago
Fixed in the next version (0.5). Discussed with Mike off this thread, and the issue was 
indeed timing related, but for the issued-at time, not the expiry. Added a new 
property to adjust for clock skew on the issued-at time, which should make this 
more forgiving.

Original comment by sba...@google.com on 4 Oct 2012 at 11:05
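The timing failure resolved in this thread, reproduced as an added example (not code from the thread or from google-api-ruby-client): a JWT-bearer assertion whose `iat` lies in the server's future is rejected no matter how large the expiry is, while backdating `iat` is accepted. The `skew` parameter name, the `check_assertion` server model, the throwaway key, the placeholder issuer and the fixed timestamps are all assumptions of this example.

```ruby
require 'openssl'
require 'json'
require 'base64'

def b64url(data)
  Base64.urlsafe_encode64(data).delete('=')
end

# Build a signed JWT-bearer assertion. `skew` (hypothetical name) backdates iat
# so a fast client clock does not yield an issued-at time in the server's future.
def build_assertion(key, issuer, scope, now:, skew: 0, expiry: 60)
  header = { 'alg' => 'RS256', 'typ' => 'JWT' }
  claims = {
    'iss' => issuer, 'scope' => scope,
    'aud' => 'https://accounts.google.com/o/oauth2/token',
    'iat' => now.to_i - skew, 'exp' => now.to_i + expiry
  }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  signature = key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Simplified model of the server-side check (an assumption, not Google's code):
# verify the signature, then reject assertions issued in the future or expired.
def check_assertion(jwt, public_key, server_now:)
  head, body, sig = jwt.split('.')
  pad = ->(s) { s + '=' * ((4 - s.length % 4) % 4) }
  signature = Base64.urlsafe_decode64(pad.call(sig))
  valid = public_key.verify(OpenSSL::Digest.new('SHA256'), signature, "#{head}.#{body}")
  return 'invalid_grant: bad signature' unless valid
  claims = JSON.parse(Base64.urlsafe_decode64(pad.call(body)))
  return 'invalid_grant: iat is in the future' if claims['iat'] > server_now.to_i
  return 'invalid_grant: assertion expired' if claims['exp'] <= server_now.to_i
  'ok'
end

# Constructed scenario: throwaway key, client clock 90 seconds ahead of the server.
KEY = OpenSSL::PKey::RSA.new(2048)
SERVER_NOW = Time.at(1_348_700_000)
CLIENT_NOW = SERVER_NOW + 90
ISSUER = 'example-service-account@developer.gserviceaccount.com' # placeholder
SCOPE = 'https://www.googleapis.com/auth/prediction'

def demo(skew:, expiry: 60)
  jwt = build_assertion(KEY, ISSUER, SCOPE, now: CLIENT_NOW, skew: skew, expiry: expiry)
  check_assertion(jwt, KEY.public_key, server_now: SERVER_NOW)
end

puts demo(skew: 0), demo(skew: 0, expiry: 3600), demo(skew: 120)
```

Raising the expiry only helps a client whose clock runs slow; a clock that runs fast needs the issued-at time moved back, which is why bumping the expiry did not clear the error here.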