search

stephenplusplus / google-auto-auth

Making it as easy as possible to authenticate a Google API request
MIT License
34 stars 9 forks source link

GoogleAuth.JWT() fails #45

Closed jomido closed 6 years ago

jomido commented 6 years ago

This line fails with the following error:

/node_modules/google-auto-auth/index.js:108
            var authClient = new googleAuthClient.JWT();
                             ^

TypeError: googleAuthClient.JWT is not a constructor
    at fs.readFile (/app/node_modules/google-auto-auth/index.js:108:30)
    at FSReqWrap.readFileAfterClose [as oncomplete] (fs.js:511:3)

I am using @google-cloud/storage, which I believe pulls this package in as a dependency. If I roll back to 1.5.2, then all is well.

Was there more of a change to the google-auth-library than anticipated?

One can repro like so:

> var GoogleAuth = require('google-auth-library').GoogleAuth;
> var googleAuthClient = new GoogleAuth();
> var authClient = new googleAuthClient.JWT();
TypeError: googleAuthClient.JWT is not a constructor
    at repl:1:18
    at ContextifyScript.Script.runInThisContext (vm.js:50:33)
    at REPLServer.defaultEval (repl.js:240:29)
    at bound (domain.js:301:14)
    at REPLServer.runBound [as eval] (domain.js:314:12)
    at REPLServer.onLine (repl.js:442:10)
    at emitOne (events.js:121:20)
    at REPLServer.emit (events.js:211:7)
    at REPLServer.Interface._onLine (readline.js:282:10)
    at REPLServer.Interface._line (readline.js:631:8)
>
stephenplusplus commented 6 years ago

Thanks for reporting.

@JustinBeckwith @ofrobots it does look like we need to make a small adjustment to how we instantiate the JWT client. However, even after doing so, I receive an error when trying to use a .p12 file:

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Sign.sign (internal/crypto/sig.js:85:26)
    at Object.sign (C:\Users\sawch\dev\google-auto-auth\node_modules\jwa\index.js:55:45)
    at Object.jwsSign [as sign] (C:\Users\sawch\dev\google-auto-auth\node_modules\jws\lib\sign-stream.js:23:24)
    at GoogleToken.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:223:33)
    at step (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:42:23)
    at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:23:53)
    at C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:17:71
    at new Promise (<anonymous>)
    at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:13:12)
    at GoogleToken.requestToken (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:209:16)
    at GoogleToken.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:149:56)
    at step (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:42:23)
    at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:23:53)
    at C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:17:71
    at new Promise (<anonymous>)
    at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:13:12)
    at GoogleToken.getTokenAsync (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:102:16)
    at GoogleToken.getToken (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:99:21)
    at JWT.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:197:58)
    at step (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:57:23)
    at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:38:53)
    at C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:32:71
    at new Promise (<anonymous>)
    at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:28:12)
    at JWT.refreshToken (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:181:16)
    at JWT.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:244:51)
    at step (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:57:23)
    at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:38:53)
    at C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:32:71
    at new Promise (<anonymous>)
    at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:28:12)
    at JWT.OAuth2Client.refreshAccessTokenAsync (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:236:16)
    at JWT.OAuth2Client.refreshAccessToken (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:232:25)
    at JWT.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:276:51)
    at step (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:57:23)
    at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:38:53)
    at C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:32:71
    at new Promise (<anonymous>)
    at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:28:12)
    at JWT.OAuth2Client.getAccessTokenAsync (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:266:16)
    at JWT.OAuth2Client.getAccessToken (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:257:18)
    at getAuthClient (C:\Users\sawch\dev\google-auto-auth\index.js:204:14)
    at authClientPromise.then (C:\Users\sawch\dev\google-auto-auth\index.js:133:7)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:188:7)

gtoken still supports .p12 files as far as I can tell. Could I be doing something wrong?

const googleAuthLibrary = require('google-auth-library')
const authClient = new googleAuthLibrary.JWT({
  email: 'service-account-email',
  keyFile: 'path/to/key.p12',
  key: 'notasecret'
});
authClient.getAccessToken(console.log)
// error above

(The .p12 file was just downloaded from the Developer's Console (https://console.cloud.google.com/apis/credentials))

JustinBeckwith commented 6 years ago

Can you share the exact code snippet that reproduces the error? The call stack you shared doesn't appear to have google-auth-library anywhere in it 0_0. This should work.

stephenplusplus commented 6 years ago

Woops, updated.

stephenplusplus commented 6 years ago

Here's a saner one: it doesn't even show google-auth-library in the stacktrace... so... not sure what that's about.

const googleAuthLibrary = require('google-auth-library')
const authClient = new googleAuthLibrary.JWT({
  email: 'stephen-windows@nth-circlet-705.iam.gserviceaccount.com',
  keyFile: './key.p12',
  key: 'notasecret'
});
authClient.getAccessToken(console.log)
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Sign.sign (internal/crypto/sig.js:85:26)
    at Object.sign (C:\Users\sawch\dev\google-auto-auth\node_modules\jwa\index.js:55:45)
    at Object.jwsSign [as sign] (C:\Users\sawch\dev\google-auto-auth\node_modules\jws\lib\sign-stream.js:23:24)
    at GoogleToken.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:223:33)
    at step (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:42:23)
    at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:23:53)
    at C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:17:71
    at new Promise (<anonymous>)
    at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:13:12)
    at GoogleToken.requestToken (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:209:16)
JustinBeckwith commented 6 years ago

That call stack still doesn't have google-auth-library in it 😂

stephenplusplus commented 6 years ago

Check https://github.com/stephenplusplus/google-auto-auth/issues/45#issuecomment-370584488, as buried as it is, it's in there! A polite DIY request might be required here (please 😄), because it definitely comes through google-auth-library.

stephenplusplus commented 6 years ago

I will move this part of the request over to an issue on google-auth-library.

For now, I've got a PR coming to properly instantiate a JWT client, which hopefully will fix the .pem case.

JustinBeckwith commented 6 years ago

Ahhh, there we go. I needed to refresh the page! Apologies man. Taking a look.

JustinBeckwith commented 6 years ago

Oh bother, I see the problem. You're defining both the key AND the keyFile. Key is meant to be the plain text base64 encoded PEM that's embedded in the *.json file. If you provide a p12 in the keyFile, you don't need to include a key. gToken is trying to parse notasecret as a PEM file :)

Just leave off the key and this will work. I filed https://github.com/google/google-auth-library-nodejs/issues/311 to track giving a better error message here.

stephenplusplus commented 6 years ago

D'oh, thank you for that!

@jomido I just released a new patch version of this module, so a fresh un- and re-install should pick up the changes, and hopefully fix the issue. Thanks again for reporting!

jomido commented 6 years ago

Awesome work - thanks.