search

tidyverse / googlesheets4

Google Spreadsheets R API (reboot of the googlesheets package)
https://googlesheets4.tidyverse.org
Other
355 stars 51 forks source link

authentication problems on GitHub Actions - gs4_auth #293

Closed felippelazar closed 1 year ago

felippelazar commented 1 year ago

Hi,

I have a github action with R that automatically checks a google sheets and send emails based on the google sheets rows (check by date). This was working without any problems until yesterday (since March/23, working well until yesterday), when it started giving me error during authentication.

I'm using a cache authentication with gs4_auth(). Here is the problem debugger when running gs4_auth()

It works well in R Studio. NOTE: I have changed my email address from the log to preserve anonimity. 

trying `token_fetch()`
Trying `credentials_byo_oauth()` ...
Error caught by `token_fetch()`:
inherits(token, "Token2.0") is not TRUE
trying `credentials_service_account()`
Error caught by `token_fetch()`:
Argument 'txt' must be a JSON string, URL or file.
trying `credentials_external_account()`
aws.ec2metadata not installed; can't detect whether running on EC2 instance
trying `credentials_app_default()`
Trying `credentials_gce()` ...
✖ We don't seem to be on GCE.
trying `credentials_user_oauth2()`
attempt to access internal gargle data from: googlesheets4
Gargle2.0 initialize
adding "userinfo.email" scope
loading token from the cache
email: '#############'
oauth client name: tidyverse-clio
oauth client name: installed
oauth client id:
603366585[13](https://github.com/felippelazar/mailSenderICESP/actions/runs/5248394269/jobs/9479817178#step:5:14)2-dpeg5tt0et3go5of[23](https://github.com/felippelazar/mailSenderICESP/actions/runs/5248394269/jobs/9479817178#step:5:24)74d83ifevk5086.apps.googleusercontent.com
scopes: ...spreadsheets, ...userinfo.email
token(s) found in cache:
d67d4efb39eee449dc6293[25](https://github.com/felippelazar/mailSenderICESP/actions/runs/5248394269/jobs/9479817178#step:5:26)02fd8a0f_######
token we are looking for:
no matching token in the cache

Here is as well my YAML code

jobs:
  render:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@master
      - name: Set up R
        uses: r-lib/actions/setup-r@v2
      - name: Install dependencies
        run: |
          install.packages("openssl", type = "win.binary")
          install.packages("curl", type = "win.binary")
          install.packages("devtools", type = "win.binary")
          install.packages("blastula", type = "win.binary")
          install.packages("googlesheets4", type = "win.binary")
          install.packages("glue", type = "win.binary")
          install.packages("rlang", type = "win.binary")
          install.packages("rmarkdown", type = "win.binary")
          install.packages("kableExtra", type = "win.binary")
        shell: Rscript {0}
      - name: Script
        run: Rscript mailSender_v2.R
jennybc commented 1 year ago

I can think of at least 2 reasons for this. gargle (and googlesheets4 and googledrive) just all updated on CRAN.

There are changes in gargle that may mean you need to re-cache the token you're using. In particular, if you obtained this token using the built-in tidyverse OAuth client, you probably need to go through the OAuth dance again interactively. That's the somewhat expected issue.

(I've also found a bug in the just-released gargle 1.5.0, which I've fixed and will soon put in a patch release. However, I don't think this bug would be affecting you.)

felippelazar commented 1 year ago

There are changes in gargle that may mean you need to re-cache the token you're using. In particular, if you obtained this token using the built-in tidyverse OAuth client, you probably need to go through the OAuth dance again interactively. That's the somewhat expected issue.

Hi @jennybc,

Your solution worked like a charm. I created another cached token (OAuth client), uploaded and it worked. Thank you.

Best,

Felippe

jennybc commented 1 year ago

That is the downside of using a user token for such a purpose. A user token is really meant to be a rather ephemeral and perishable thing, because the assumption is that there's always an interactive user close by, if you need to mint a new one. So you'll have to be at peace with re-making it periodically. That being said, sometimes there's a reason why you really need that instead of, e.g., a service account token.