Service Account authorization for Google Cloud Storage service using GoogleCredential?
1,438 views
Skip to first unread message
arvsi
Mar 22, 2012, 1:22:45 PM3/22/12
to oauth...@googlegroups.com
Hi,
I am trying to use the GoogleCredential class in the google-api-client-1.7.0.jar to be able to generate the "Authorization" header value needed to be passed in an HTTP request for authorizing a Service Account style application to use Google Cloud Storage for uploading files. The only example of how to do authorization for Service Accounts I could find is:
Which basically indicates you should use the GoogleCredential library to abstract the job of getting your token/authorization, but the code sample proceeds to show an example of a service access that requires no authorization.
I tried simply returning the credential.getAccessToken() value after having created the GoogleCredential object using the setServiceAccountPrivateKeyFromP12File():
new GoogleCredential.Builder().setTransport(TRANSPORT).setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountPrivateKeyFromP12File(new File(FILE_NAME))
.setServiceAccountScopes(STORAGE_SCOPE)
.build();
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountPrivateKeyFromP12File(new File(FILE_NAME))
.setServiceAccountScopes(STORAGE_SCOPE)
.build();
but it appears that the GoogleCredential object doesn't contain an access token until you set one?
Any examples or tips on how to generate the authorization for a Service Account are welcomed.
-arvsi
Yaniv Inbar (יניב ענבר)
Mar 22, 2012, 3:47:12 PM3/22/12
to oauth...@googlegroups.com
Hi arvsi,
We are actually working on a Java sample for Google Cloud Storage right now. We will release it shortly.
Once you have a GoogleCredential (assigned to variable credential in our example), you simply use it as the HttpRequestInitializer when making requests, e.g.:
// Set up and execute Google Cloud Storage request.
String URI = "http://commondatastorage.googleapis.com/" + BUCKET_NAME;
HttpRequestFactory requestFactory =
HTTP_TRANSPORT.createRequestFactory(credential);
GenericUrl url = new GenericUrl(URI);
HttpRequest request = requestFactory.buildGetRequest(url);
HttpResponse response = request.execute();
String content = response.parseAsString();
Alternatively, if you are using another HTTP library for making requests, you can just call call credential refreshToken() to execute the request for the access token. You can then call credential.getAccessToken() to get that token.
Please let me know if this answers your questions, or if you have any other questions about using the Java library with Service Accounts.
Yaniv Inbar
Senior Software Engineer
Google Inc.
Senior Software Engineer
Google Inc.
bulit
Mar 23, 2012, 10:59:16 AM3/23/12
to oauth...@googlegroups.com
Hello,
I've also problem with authorize Service Account OAuth 2.0 from Java.
I've generated client_id and private key in pkcs12 fromat (Google Console API). I've tryed send JWS by several ways - no succes.
Here my code:
JsonFactory jsonFactory = new JacksonFactory();
HttpTransport httpTransport = new NetHttpTransport();
String clientId = "*****.apps.googleusercontent.com";
String pkcs12Repo = "*****-privatekey.p12";
String scope = "https://www.googleapis.com/aussssth/plus.me";
List<CredentialRefreshListener> list = new ArrayList<CredentialRefreshListener>();
list.add(new CredentialRefreshListener() {
public void onTokenResponse(Credential credential,
TokenResponse tokenResponse) {
log.debug(tokenResponse.toPrettyString());
}
public void onTokenErrorResponse(Credential credential,
TokenErrorResponse tokenErrorResponse) {
log.debug("Error: " + tokenErrorResponse.toPrettyString());
}
});
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(clientId)
.setServiceAccountPrivateKeyFromP12File(new File(pkcs12Repo))
.setRefreshListeners(list)
.setServiceAccountScopes(scope)
.build();
credential.refreshToken();
I always get error:
{
"error" : "invalid_grant"
}
Perhaps You know where could be the problem?
Rebards,
WG
I've also problem with authorize Service Account OAuth 2.0 from Java.
I've generated client_id and private key in pkcs12 fromat (Google Console API). I've tryed send JWS by several ways - no succes.
Here my code:
JsonFactory jsonFactory = new JacksonFactory();
HttpTransport httpTransport = new NetHttpTransport();
String clientId = "*****.apps.googleusercontent.com";
String pkcs12Repo = "*****-privatekey.p12";
String scope = "https://www.googleapis.com/aussssth/plus.me";
List<CredentialRefreshListener> list = new ArrayList<CredentialRefreshListener>();
list.add(new CredentialRefreshListener() {
public void onTokenResponse(Credential credential,
TokenResponse tokenResponse) {
log.debug(tokenResponse.toPrettyString());
}
public void onTokenErrorResponse(Credential credential,
TokenErrorResponse tokenErrorResponse) {
log.debug("Error: " + tokenErrorResponse.toPrettyString());
}
});
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(clientId)
.setServiceAccountPrivateKeyFromP12File(new File(pkcs12Repo))
.setRefreshListeners(list)
.setServiceAccountScopes(scope)
.build();
credential.refreshToken();
I always get error:
{
"error" : "invalid_grant"
}
Perhaps You know where could be the problem?
Rebards,
WG
arvsi
Mar 26, 2012, 12:52:36 PM3/26/12
to oauth...@googlegroups.com
Hi Yaniv,
My apologies for not responding sooner. The information you have provided helped me to move forward. I think I was missing the refreshToken() before the getAccessToken() as this was not readily apparent in the javaDocs. I am currently using the Google http client and that is working as well.
Thank You again for your response.
-arvsi
Reply all
Reply to author
Forward
Message has been deleted
0 new messages