TokenResponseException: missing scope when using the RemoteAPI of AppEngine in Java with OAuth 2.0 on stand-alone application

423 views
Skip to first unread message

Will.Mclt via StackOverflow

unread,
Nov 11, 2015, 11:34:05 AM11/11/15
to google-appengin...@googlegroups.com

My goal is for my stand-alone application to access the datastore of a Google App Engine application so that I can query it. My application used to work with ClientLogin, but I have been asked to use OAuth 2.0 for the authentication (and using ClientLogin doesn't work anymore).

I follow the instructions on this page: https://cloud.google.com/appengine/docs/java/tools/remoteapi

I use the provided code, have made an service account, downloaded the json key, made an environment variable pointing to this key. The result is that I get the following exception:

Exception in thread "main" java.lang.ExceptionInInitializerError
    at commonMigration.StoreMigrator.moveResultsOfFeature(StoreMigrator.java:51)
    at migrationModule_A.Coordinator_A.migrate(Coordinator_A.java:32)
    at commonMigration.Starter.main(Starter.java:11)
Caused by: java.lang.RuntimeException: Failed to acquire Google Application Default credential.
    at com.google.appengine.tools.remoteapi.RemoteApiOptions.useApplicationDefaultCredential(RemoteApiOptions.java:163)
    at commonMigration.RemoteOptions.<clinit>(RemoteOptions.java:18)
    ... 3 more
Caused by: com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "invalid_scope",
  "error_description" : "Empty or missing scope not allowed."
}
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
    at com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:384)
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
    at com.google.appengine.tools.remoteapi.RemoteApiOptions.useApplicationDefaultCredential(RemoteApiOptions.java:160)
    ... 4 more

which seems to point to a missing scope argument, a concern which isn't mentioned in the explication on the web page. Is there an easy way to fix this issue?



Please DO NOT REPLY directly to this email but go to StackOverflow:
http://stackoverflow.com/questions/33655205/tokenresponseexception-missing-scope-when-using-the-remoteapi-of-appengine-in-j

Will.Mclt via StackOverflow

unread,
Nov 11, 2015, 12:24:04 PM11/11/15
to google-appengin...@googlegroups.com

My goal is for my stand-alone application to access the datastore of a Google App Engine application so that I can query it. My application used to work with ClientLogin, but I have been asked to use OAuth 2.0 for the authentication (and using ClientLogin doesn't work anymore).

I follow the instructions on this page: https://cloud.google.com/appengine/docs/java/tools/remoteapi

I use the provided code, have made an service account, downloaded the json key, made an environment variable pointing to this key. The result is that I get the following exception:

Exception in thread "main" java.lang.ExceptionInInitializerError
    at myApplication.myClass4.moveResultsOfFeature(myClass4.java:51)
    at myApplication.myClass2.migrate(MyClass3.java:32)
    at myApplication.myClass1.main(Starter.java:11)
Caused by: java.lang.RuntimeException: Failed to acquire Google Application Default credential.
    at com.google.appengine.tools.remoteapi.RemoteApiOptions.useApplicationDefaultCredential(RemoteApiOptions.java:163)
    at commonMigration.RemoteOptions.<clinit>(RemoteOptions.java:18)
    ... 3 more
Caused by: com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "invalid_scope",
  "error_description" : "Empty or missing scope not allowed."
}
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
    at com.google.appengine.repackaged.com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:384)
    at com.google.appengine.repackaged.com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
    at com.google.appengine.tools.remoteapi.RemoteApiOptions.useApplicationDefaultCredential(RemoteApiOptions.java:160)
    ... 4 more

which seems to point to a missing scope argument, a concern which isn't mentioned in the explication on the web page. Is there an easy way to fix this issue?

Per request, my code (simplified):

public class StackOverflow {

    private static RemoteApiOptions REMOTE_OPTIONS = new RemoteApiOptions().server(
            <application-id>.appspot.com, 443)
            .useApplicationDefaultCredential();

    public static void main(String[] args0) throws IOException {
        // MAKING THE CONNECTION
        RemoteApiInstaller installer = new RemoteApiInstaller();
        // LOAD FROM Local
        installer.install(REMOTE_OPTIONS);
        try {
            // MY OPERATIONS 
        } finally {
            installer.uninstall();
        }
    }
}
Reply all
Reply to author
Forward
0 new messages