Closed jomido closed 6 years ago
Thanks for reporting.
@JustinBeckwith @ofrobots it does look like we need to make a small adjustment to how we instantiate the JWT client. However, even after doing so, I receive an error when trying to use a .p12 file:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Sign.sign (internal/crypto/sig.js:85:26)
at Object.sign (C:\Users\sawch\dev\google-auto-auth\node_modules\jwa\index.js:55:45)
at Object.jwsSign [as sign] (C:\Users\sawch\dev\google-auto-auth\node_modules\jws\lib\sign-stream.js:23:24)
at GoogleToken.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:223:33)
at step (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:42:23)
at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:23:53)
at C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:17:71
at new Promise (<anonymous>)
at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:13:12)
at GoogleToken.requestToken (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:209:16)
at GoogleToken.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:149:56)
at step (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:42:23)
at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:23:53)
at C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:17:71
at new Promise (<anonymous>)
at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:13:12)
at GoogleToken.getTokenAsync (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:102:16)
at GoogleToken.getToken (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:99:21)
at JWT.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:197:58)
at step (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:57:23)
at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:38:53)
at C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:32:71
at new Promise (<anonymous>)
at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:28:12)
at JWT.refreshToken (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\jwtclient.js:181:16)
at JWT.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:244:51)
at step (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:57:23)
at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:38:53)
at C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:32:71
at new Promise (<anonymous>)
at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:28:12)
at JWT.OAuth2Client.refreshAccessTokenAsync (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:236:16)
at JWT.OAuth2Client.refreshAccessToken (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:232:25)
at JWT.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:276:51)
at step (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:57:23)
at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:38:53)
at C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:32:71
at new Promise (<anonymous>)
at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:28:12)
at JWT.OAuth2Client.getAccessTokenAsync (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:266:16)
at JWT.OAuth2Client.getAccessToken (C:\Users\sawch\dev\google-auto-auth\node_modules\google-auth-library\build\src\auth\oauth2client.js:257:18)
at getAuthClient (C:\Users\sawch\dev\google-auto-auth\index.js:204:14)
at authClientPromise.then (C:\Users\sawch\dev\google-auto-auth\index.js:133:7)
at <anonymous>
at process._tickCallback (internal/process/next_tick.js:188:7)
gtoken still supports .p12 files as far as I can tell. Could I be doing something wrong?
const googleAuthLibrary = require('google-auth-library')
const authClient = new googleAuthLibrary.JWT({
email: 'service-account-email',
keyFile: 'path/to/key.p12',
key: 'notasecret'
});
authClient.getAccessToken(console.log)
// error above
(The .p12 file was just downloaded from the Developer's Console (https://console.cloud.google.com/apis/credentials))
Can you share the exact code snippet that reproduces the error? The call stack you shared doesn't appear to have google-auth-library anywhere in it 0_0. This should work.
Woops, updated.
Here's a saner one: it doesn't even show google-auth-library in the stacktrace... so... not sure what that's about.
const googleAuthLibrary = require('google-auth-library')
const authClient = new googleAuthLibrary.JWT({
email: 'stephen-windows@nth-circlet-705.iam.gserviceaccount.com',
keyFile: './key.p12',
key: 'notasecret'
});
authClient.getAccessToken(console.log)
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Sign.sign (internal/crypto/sig.js:85:26)
at Object.sign (C:\Users\sawch\dev\google-auto-auth\node_modules\jwa\index.js:55:45)
at Object.jwsSign [as sign] (C:\Users\sawch\dev\google-auto-auth\node_modules\jws\lib\sign-stream.js:23:24)
at GoogleToken.<anonymous> (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:223:33)
at step (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:42:23)
at Object.next (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:23:53)
at C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:17:71
at new Promise (<anonymous>)
at __awaiter (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:13:12)
at GoogleToken.requestToken (C:\Users\sawch\dev\google-auto-auth\node_modules\gtoken\build\src\index.js:209:16)
That call stack still doesn't have google-auth-library in it 😂
Check https://github.com/stephenplusplus/google-auto-auth/issues/45#issuecomment-370584488, as buried as it is, it's in there! A polite DIY request might be required here (please 😄), because it definitely comes through google-auth-library.
I will move this part of the request over to an issue on google-auth-library.
For now, I've got a PR coming to properly instantiate a JWT client, which hopefully will fix the .pem case.
Ahhh, there we go. I needed to refresh the page! Apologies man. Taking a look.
Oh bother, I see the problem. You're defining both the key
AND the keyFile
. Key is meant to be the plain text base64 encoded PEM that's embedded in the *.json file. If you provide a p12 in the keyFile, you don't need to include a key. gToken is trying to parse notasecret
as a PEM file :)
Just leave off the key
and this will work. I filed https://github.com/google/google-auth-library-nodejs/issues/311 to track giving a better error message here.
D'oh, thank you for that!
@jomido I just released a new patch version of this module, so a fresh un- and re-install should pick up the changes, and hopefully fix the issue. Thanks again for reporting!
Awesome work - thanks.
This line fails with the following error:
I am using
@google-cloud/storage
, which I believe pulls this package in as a dependency. If I roll back to1.5.2
, then all is well.Was there more of a change to the
google-auth-library
than anticipated?One can repro like so: