Error When trying to retreive access token from 'https://www.googleapis.com/auth/cloud-platform'
183 views
Skip to first unread message
Richard Cheesmar
Feb 25, 2017, 9:31:22 AM2/25/17
to Google App Engine
I have been experimenting with some of the Google Examples, which I have to say is a bit of a nightmare!
I'm following the example here https://cloud.google.com/appengine/docs/standard/python/appidentity/ to retrieve an access token on the develoment server (MacOS Sierra) using Pycharm.
I have indeed setup a service account on the Cloud Console, something you have to scrape around to find out for yourself and it is being retrieved correctly via
However, I am getting this error:
I assume I have provided the service account with the correct permissions for what I want, which are:
Storage Object Creator
Storage Object Viewer
Service Account Actor which I assume I need to access the token, not really sure.
I would appreciate some direct Google help here or any help from someone that can give me an answer not a choice of paradigms. I have to say that the Google Docs are failing dramatically. It is near impossible without pouring over the stuff for hours to get clear recipe style format for performing simple tasks. When there is smidgeon of hope it goes down the toilet fast with an error for example, you set up the service accounts get your key sorted run your code and wham:
I'm following the example here https://cloud.google.com/appengine/docs/standard/python/appidentity/ to retrieve an access token on the develoment server (MacOS Sierra) using Pycharm.
I have indeed setup a service account on the Cloud Console, something you have to scrape around to find out for yourself and it is being retrieved correctly via
app_identity.get_service_account_name()
However, I am getting this error:
*** InternalError: Error getting access token. Response code: 400, Content: {
"error" : "invalid_grant",
"error_description" : "Invalid JWT: Token must be a short-lived token and in a reasonable timeframe"
}I assume I have provided the service account with the correct permissions for what I want, which are:
Storage Object Creator
Storage Object Viewer
Service Account Actor which I assume I need to access the token, not really sure.
I would appreciate some direct Google help here or any help from someone that can give me an answer not a choice of paradigms. I have to say that the Google Docs are failing dramatically. It is near impossible without pouring over the stuff for hours to get clear recipe style format for performing simple tasks. When there is smidgeon of hope it goes down the toilet fast with an error for example, you set up the service accounts get your key sorted run your code and wham:
HTTPException: Invalid and/or missing SSL certificate for URL:
arrives like a big fat palm to smack you across the kisser. You Google and Stackoverflow some more, and find out it's a bug with outdated certificates in the sdk. Great, you fix that, try not to bang your head
against the nearest hard object, because then you won't have a computer to work on, take a deep breath and run again. The bug above is where you arrive.
Do us techs a favour Google, if you are going to create software you want us to use, provide adequate documentation to allow us to use them without reaching for the damn zanax. Recipies,
and more recipes with clear cut examples. I'm not a technical mystery detective, I'm a simple minded developer that is fed up to the back teeth of having to trawl through your min
efield of documents just to do some simple
Richard Cheesmar
Feb 25, 2017, 9:32:35 AM2/25/17
to Google App Engine
That should end with stuff, but guess what, the text just disappeared on me and had to click POST... go figure.
Richard Cheesmar
Feb 25, 2017, 12:26:25 PM2/25/17
to Google App Engine
Update: The fix for the
HTTPException: Invalid and/or missing SSL certificate for URL:
solution here: https://code.google.com/p/googleappengine/issues/detail?id=13477
was correct, but the cacerts.pem file was corrupted somehow, replacing that again sorted that out properly but didn't resolve the first issue. The first issue noted was because the server time and computer times were out of sync. In my case it is because my computer is in Turkey and Turkey did not change from summertime this year, hence it is out of sync with the rest of the planet!
Set this to automatic with asian time server and it's ok.
None, of the reasons above negate my comments on Google Docs though.
Off to have the other half of the bottle of zanax now.
was correct, but the cacerts.pem file was corrupted somehow, replacing that again sorted that out properly but didn't resolve the first issue. The first issue noted was because the server time and computer times were out of sync. In my case it is because my computer is in Turkey and Turkey did not change from summertime this year, hence it is out of sync with the rest of the planet!
Set this to automatic with asian time server and it's ok.
None, of the reasons above negate my comments on Google Docs though.
Off to have the other half of the bottle of zanax now.
Adam (Cloud Platform Support)
Feb 26, 2017, 6:11:42 PM2/26/17
to Google App Engine
Apologies for the frustration. We're aware that docs are a pain point for developers and are always working on improving them. Be assured we're monitoring threads like these and making note of feedback for future iterations of our documentation. Having more recipe style solutions is something I'd like to see more of as well (dispense with the verbage and show me the code, it will usually explain it much more concisely).
As a general suggestion, a lot of issues and corner cases end up getting documented outside of the official docs on the other sites we're active on such as Stack Exchange, GitHub, Reddit and the official issue trackers (and of course Google Groups). Frequent and targeted use of our namesake search engine is encouraged (for instance Googling the two error messages for me leads straight to the relevant sources of information on the first hits via Stack Overflow).
Reply all
Reply to author
Forward
0 new messages