I am converting a PHP application to access Google calendar to Go. I used this step by step to get started.
All went smoothly, but when I run quickstart.go, I get the following error:
Unable to parse client secret file to config: oauth2/google: missing
redirect URL in the client_credentials.json exit status 1
Content of the client_secret.json is:
{
"installed":{
"client_id":"***********content.com",
"project_id":"*******",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs"
}
}
That client_secret.json file is located at the root of my GOPATH as instructed in the step by step
I already have aOAuth 2.0 client ID for my PHP app that works just fine in PHP. I just want to use that one in the a new Go application to access multiple user calendars, but when I download the json file attached to that ID, I am getting the error above. Maybe the quickstart.go is not meant for that usage.
Any hints?
When you create OAuth credentials at https://console.developers.google.com/apis/credentials the dialog initially prompts you to "Configure your OAuth client" and you can choose between "Web application", "Desktop app", etc.
The client.json obtained for the generated OAuth credentials may not contain a "Return URL", depending on the type chosen initially.
For example, for "Web application" the client.json does not have a redirect URL:
{
"web": {
"client_id": "x.apps.googleusercontent.com",
"project_id": "x",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "x"
}
}
While for a "Desktop app" it has:
{
"installed": {
"client_id": "x.apps.googleusercontent.com",
"project_id": "x",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "x",
"redirect_uris": [
"urn:ietf:wg:oauth:2.0:oob",
"http://localhost"
]
}
}
The Go oauth.google module always requires a return URI: https://github.com/golang/oauth2/blob/0f29369cfe4552d0e4bcddc57cc75f4d7e672a33/google/google.go#L61
Related
We are Using Apache Nifi to Publish events to PubsubLite using (PublishGCPubSubLite 1.17.0) Nifi processor.
GCP SA json files contains below field:
{
"type": "service_account",
"project_id": "",
"private_key_id": "",
"private_key": "",
"client_email": "",
"client_id": "",
"auth_uri": "",
"token_uri": "",
"auth_provider_x509_cert_url": "",
"client_x509_cert_url": ""
}
We tried using type:"service_account" and it is getting failed to communicate. and we are getting the below error,
PublishGCPubSubLite[id=7f9baf80-0184-1000-ffff-ffff8ec321b3] Failed to create Google Cloud PubsubLite Publisher: com.google.api.gax.rpc.UnauthenticatedException: io.grpc.StatusRuntimeException: UNAUTHENTICATED: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
Caused by: io.grpc.StatusRuntimeException: UNAUTHENTICATED: Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
From Nifi server we tested the connectivity and credential, it is working:
./google-cloud-sdk/bin/gcloud auth login --cred-file gcp.json
Authenticated with service account credentials for: [#.iam.gserviceaccount.com].
Your current project is [None]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
Please suggest how to make connection to PubsubLite on Apache Nifi
I am working with Google Cloud in Go and following this article by John Hanley:
https://www.jhanley.com/google-cloud-improving-security-with-impersonation/
and mashed it with this SO answer:
How to authenticate Google APIs (Google Drive API) from Google Compute Engine and locally without downloading Service Account credentials?
The credentials are successfully saved to, "application_default_credentials.json":
Notice: "type": "impersonated_service_account"
{
"delegates": [],
"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/[sa#example-2021.iam.gserviceaccount.com]:generateAccessToken",
"source_credentials": {
"client_id": "...apps.googleusercontent.com",
"client_secret": "...",
"refresh_token": "...",
"type": "authorized_user"
},
"type": "impersonated_service_account"
}
My code which produces an unknown credential type: "impersonated_service_account" error:
package main
import (
...
"cloud.google.com/go/storage"
"golang.org/x/oauth2"
"google.golang.org/api/docs/v1"
"google.golang.org/api/drive/v3"
"google.golang.org/api/impersonate"
"google.golang.org/api/option"
...
)
var Config.GoogleServiceAccount string = "sa#example-2021.iam.gserviceaccount.com"
func main(){
_ = getTokenAsImpersonator()
}
// From: https://pkg.go.dev/google.golang.org/api/impersonate#example-CredentialsTokenSource-ServiceAccount
func getTokenAsImpersonator() oauth2.TokenSource {
ctx := context.Background()
// Base credentials sourced from ADC or provided client options.
ts, err := impersonate.CredentialsTokenSource(ctx, impersonate.CredentialsConfig{
TargetPrincipal: Config.GoogleServiceAccount,
Scopes: []string{"https://www.googleapis.com/auth/cloud-platform"},
// Delegates: []string{"bar#project-id.iam.gserviceaccount.com"},
})
if err != nil {
log.Fatal(err)
}
return ts
}
The 'unknown credential type: "impersonated_service_account"' error:
google: error getting credentials using GOOGLE_APPLICATION_CREDENTIALS environment variable: unknown credential type: "impersonated_service_account"
Have I done something wrong or is this a bug?
UPDATE
Answering John's questions from the comments:
1.
a) What is the value of the environment variable GOOGLE_APPLICATION_CREDENTIALS?
GOOGLE_APPLICATION_CREDENTIALS=/Users/x/.config/gcloud/application_default_credentials.json
b) What command did you use to generate application_default_credentials.json?
gcloud auth application-default login --scopes=https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/accounts.reauth,openid --impersonate-service-account=[sa#example-2021.iam.gserviceaccount.com]
Response:
Credentials saved to file: [/Users/x/.config/gcloud/application_default_credentials.json]
c)Which OS and version?
MacOS 10.13.6
d)gcloud --version?
Google Cloud SDK 343.0.0
app-engine-go
app-engine-python 1.9.91
bq 2.0.69
cloud-datastore-emulator 2.1.0
core 2021.05.27
gsutil 4.62
If you can create a minimum example ...
I have updated the example code above.
At some point I had used the CLI to impersonate an account:
gcloud config set auth/impersonate_service_account <service account>
Then later on when trying to use the application default credentials command it wraps your credentials with the service account credentials.
gcloud auth application-default login
What you end up with is a file that looks like this:
{
"delegates": [],
"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/example#example-project.iam.gserviceaccount.com:generateAccessToken",
"source_credentials": {
"client_id": "123abc.apps.googleusercontent.com",
"client_secret": "XXXXXXXXX",
"refresh_token": "XXXXXXXXX",
"type": "authorized_user"
},
"type": "impersonated_service_account"
}
This appears to cause a lot of problems with third party services such as terraform.
What is strange is that Terraform is just making API calls to Google using Google SDKs, so really its something to do with Google.
You need to remove the impersonation:
gcloud config unset auth/impersonate_service_account
And then run the application default credential command again:
gcloud auth application-default login
Now if you check your file it should look like this:
{
"client_id": "XXXXXXXXX",
"client_secret": "XXXXXXXXX",
"quota_project_id": "example-project",
"refresh_token": "XXXXXXXXXX",
"type": "authorized_user"
}
I was hitting the same issue when I was trying to impersonate an account so I could run Terraform commands as a service account instead of my personal account but it doesn't like that.
EDIT: Rereading you question it sounds like you're in the same boat as me. We want to use service accounts without physically downloading the keys. This is even mentioned by Google as best practice. But doing so is causing issues with their own SDKs.
I had the same issue running GCP Terraform provider tests. You can specify the Service Account Terraform have to impersonate setting the env variable GOOGLE_IMPERSONATE_SERVICE_ACCOUNT (documentation).
Configuration steps:
export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=SERVICE_ACCOUNT#PROJECT_ID.iam.gserviceaccount.com
gcloud auth application-default login
I am following the below to set up a config server in PCF and access the application in PCF.
https://github.com/pcf-guides/gs-configuration-server
I have added the config server from the PCF marketplace and it is bind with the app.
The config server is pointed to the following Git repository:
https://github.com/pcf-guides/configuration-server-config-repo.git
The VCAP_SERVICES is like below :
"p-config-server": [
{
"binding_name": null,
"credentials": {
"access_token_uri": "https://p-spring-cloud-
services.uaa.run.pivotal.io/oauth/token",
"client_id": "p-config-server-d837bb39-4cf1-47ce-994b-03257852a7f6",
"client_secret": "XXsWzX6IhKME",
"uri": "https://config-9f0e115f-dbb0-42e8-981a-e70e2cd62570.cfapps.io"
},
"instance_name": "sconfigserver",
"label": "p-config-server",
"name": "sconfigserver",
"plan": "trial",
"provider": null,
"syslog_drain_url": null,
"tags": [
"configuration",
"spring-cloud"
Whenever I am trying to access the application authentication error is coming :
Full authentication is required to access this resource.
I dont have any security configuration in the application.
In your application.properties file, you should add the following
management.security.enabled=false
This will disable security altogether.
I tried this in my main application class and worked fine for me
#SpringBootApplication(exclude = {SecurityAutoConfiguration.class , ManagementWebSecurityAutoConfiguration.class})
How do I configure my self-distrubuted firefox webExtension to auto-update, I have tried following MDN update doc but still unable to update.
My web Extension is hosted on a sub-domain name like
"https://files.example.com/myfile/extension.xpi"
My updates.json file resides at the same location with my .xpi file
This is a prototype of my updates.json
{
"addons": {
"updates": [ { "version": "1.2",
"update_link": "https://files.abc.com/myfiles/extension-1.2-an+fx.xpi" },
{ "version": "1.3",
"update_link": "https://files.abc.com/myfiles/extension-1.3-an+fx.xpi" }
]
}
}
This is the gibberish I get from browser console
1535658478365 addons.update-checker WARN onUpdateCheckComplete failed
to parse update manifest: [Exception... "Update manifest is missing a
required addons property." nsresult: "0x80004005 (NS_ERROR_FAILURE)"
location: "JS frame ::
resource://gre/modules/addons/AddonUpdateChecker.jsm ::
getRequiredProperty :: line 120" data: no] Stack trace:
getRequiredProperty()#resource://gre/modules/addons/AddonUpdateChecker.jsm:120
parseJSONManifest()#resource://gre/modules/addons/AddonUpdateChecker.jsm:130 onLoad()#resource://gre/modules/addons/AddonUpdateChecker.jsm:309 UpdateParser/<()#resource://gre/modules/addons/AddonUpdateChecker.jsm:241
It looks like your 'updates.json' is missing the add-on name and XPI hash. I would also test without the "+" in the file name, I think that caused me issues (Due to hosting server).
To view your add-ons UUID (ex "ADDONNAME#test.com") log into the developer hub, click edit information, then look under technical information. To generate an update_hash of your XPI file I would recommend VSCryptoHash, but any other program that generates a cryptographic hash will work.
{
"addons": {
"ADDONNAME#test.com": {
"updates": [
{ "version": "1.0.0",
"update_link": "https://files.abc.com/myfiles/extension-1.2-fx.xpi" ,
"update_hash": "sha256:blahblah" }
]
}
}
}
The console error says your manifest is missing something too. Here is an example based on mine that works.
"applications": {
"gecko": {
"id": "ADDONNAME#test.com",
"strict_min_version": "50.0",
"update_url": "https://webpage/Updatefile.json"
}
},
I built an app based on template play-silhouette-seed-slick. template link
I got a configuration error caused by com.typesafe.config.ConfigException$Parse after deploying the app to heroku.
"Configuration error: Configuration error[ # file:/app/target/universal/stage/conf/: 2: Key 'application.conf' may not be followed by token: 'application.prod.conf' (if you intended 'application.prod.conf' to be part of a key or string value, try enclosing the key or value in double quotes)]"
The Procfile
web: target/universal/stage/bin/panobike-plus-server -Dhttp.port=${PORT} -Dconfig.resource=${PLAY_CONF_FILE}
And app.json
{
"name": "play-silhouette-slick-seed",
"description": "Seed project to show how Silhouette can be implemented into a Play Framework application with database access using Slick 3.",
"keywords": [
"Play",
"Silhouette",
"Slick"
],
"website": "https://github.com/sbrunk/play-silhouette-slick-seed",
"repository": "https://github.com/sbrunk/play-silhouette-slick-seed",
"success_url": "/",
"env": {
"BUILDPACK_URL": "https://github.com/heroku/heroku-buildpack-scala.git",
"PLAY_CONF_FILE": "application.prod.conf",
"PLAY_APP_SECRET": "changeme",
"FACEBOOK_CLIENT_ID": "",
"FACEBOOK_CLIENT_SECRET": "",
"GOOGLE_CLIENT_ID": "",
"GOOGLE_CLIENT_SECRET": "",
"TWITTER_CONSUMER_KEY": "",
"TWITTER_CONSUMER_SECRET": ""
}
}
In my production config "application.prod.conf", there is no such key "application.conf".
What does this error message mean?
Thank you
It was a stupid question.
I did not call the https://api.heroku.com/app-setups endpoint to setup the app.json enabled application on Heroku.
I had the same error. That was due to lack of PLAY_CONF_FILE env variable. To fix this error you need to open Heroku web page -> Settings -> click on Config Vars button and set new PLAY_CONF_FILE variable. For example application.staging.conf