Hi, I'm trying to get my Google Cloud Endpoints project with gRPC working with an OAuth2.0 authentication provider using GoogleCredentials.

I followed the steps in this tutorial and could make an authenticated request by generating the JWT token and setting the audience and issuer etc.:
https://cloud.google.com/endpoints/docs/using-service-to-service-authentication-grpc#make_an_authenticated_grpc_call

But we need to use GoogleCredentials for authentication, and I have tried making the client request in several ways but it did not work out.

Below is the relevant piece of my client code along with my api_config_auth.yaml file.

*CLIENT:*

public class ReporterClient {

  public static void main(String[] args) throws Exception {
    // Create gRPC stub.
    ReporterGrpc.ReporterBlockingStub reporterBlockingStub = createReporterStub(host, port);
    getParams(reporterBlockingStub, domain, type, objectName, data);
  }

  // Send Request to Server
  public static void getParams(ReporterGrpc.ReporterBlockingStub reporterBlockingStub,
      String domain, String type, String objectName, String data) {
    GenerateReportRequest request = GenerateReportRequest.newBuilder()
        .setDomain(domain).setType(type).setObjectName(objectName).setData(data)
        .build();
    GenerateReportResponse response = reporterBlockingStub.generateReport(request);
  }

  // Version 1: Without scopes
  public static ReporterGrpc.ReporterBlockingStub createReporterStub(String host, int port)
      throws Exception {
    Channel channel = ManagedChannelBuilder.forAddress(host, port)
        .usePlaintext(true).build();
    GoogleCredentials googleCredentials = Environment.get()
        .computeEngineDefaultCredentials();
    return ReporterGrpc.newBlockingStub(channel)
        .withCallCredentials(MoreCallCredentials.from(googleCredentials));
  }

  // Version 2: With scopes
  public static ReporterGrpc.ReporterBlockingStub createReporterStubTry(String host, int port)
      throws Exception {
    Channel channel = ManagedChannelBuilder.forAddress(host, port)
        .usePlaintext(true).build();
    List<String> scopes = new ArrayList<>();
    scopes.add("https://MY_SERVICE_CONFIGURATION_NAME");
    GoogleCredentials googleCredentials =
        Environment.get().computeEngineDefaultCredentials().createScoped(scopes);
    return ReporterGrpc.newBlockingStub(channel)
        .withCallCredentials(MoreCallCredentials.from(googleCredentials));
  }
}

*YAML File: API_CONFIG_AUTH.yaml:*

# Reporter gRPC API configuration.
type: google.api.Service
config_version: 3

# Name of the service configuration.
name: MY_SERVICE_CONFIGURATION_NAME

# API title to appear in the user interface (Google Cloud Console).
title: Reporter gRPC API
apis:
- name: reporter.Reporter

# API usage restrictions.
usage:
  rules:
  # GenerateReport method can be called without an API Key.
  - selector: reporter.Reporter.GenerateReport
    allow_unregistered_calls: true

# Request authentication.
authentication:
  providers:
  - id: google_service_account
    # Replace SERVICE-ACCOUNT-ID with your service account's email address.
    issuer: MY_SERVICE_ACCOUNT_ID
    jwks_uri: https://www.googleapis.com/robot/v1/metadata/x509/MY_SERVICE_ACCOUNT_ID
  rules:
  # This auth rule will apply to all methods.
  - selector: "*"
    requirements:
      - provider_id: google_service_account

*// Error for Version 1: Without scopes*

Exception in thread "main" io.grpc.StatusRuntimeException: PERMISSION_DENIED: JWT validation failed: Audience not allowed
    at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:212)
    at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:193)
    at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:126)
    at com.soliduslink.vault.reporter.endpoints.ReporterGrpc$ReporterBlockingStub.generateReport(ReporterGrpc.java:138)
    at com.soliduslink.vault.reporter.endpoints.ReporterClient.getParams(ReporterClient.java:143)
    at com.soliduslink.vault.reporter.endpoints.ReporterClient.main(ReporterClient.java:118)

*// Error for Version 2: With scopes*

Exception in thread "main" io.grpc.StatusRuntimeException: UNAUTHENTICATED
    at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:212)
    at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:193)
    at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:126)
    at com.soliduslink.vault.reporter.endpoints.ReporterGrpc$ReporterBlockingStub.generateReport(ReporterGrpc.java:138)
    at com.soliduslink.vault.reporter.endpoints.ReporterClient.getParams(ReporterClient.java:143)
    at com.soliduslink.vault.reporter.endpoints.ReporterClient.main(ReporterClient.java:118)
Caused by: java.io.IOException: Error parsing token refresh response. Expected value access_token not found.
    at com.google.auth.oauth2.OAuth2Utils.validateString(OAuth2Utils.java:116)
    at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:371)
    at com.google.auth.oauth2.OAuth2Credentials.refresh(OAuth2Credentials.java:149)
    at com.google.auth.oauth2.OAuth2Credentials.getRequestMetadata(OAuth2Credentials.java:135)
    at io.grpc.auth.GoogleAuthLibraryCallCredentials$1.run(GoogleAuthLibraryCallCredentials.java:95)
    at io.grpc.stub.ClientCalls$ThreadlessExecutor.waitAndDrain(ClientCalls.java:575)
    at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:120)
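
A diagnostic for the "JWT validation failed: Audience not allowed" error quoted above, as an added example that is not part of the original post or of any Google or gRPC library: it decodes a token's payload and compares `iss` and `aud` with the values in the posted api_config_auth.yaml. It assumes that, with no `audiences` listed for the provider, the only accepted audience is `https://` plus the service name; the class name, the sample tokens and the example.invalid host are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JwtAudienceCheck {
    // Decode the payload of a compact JWT (header.payload.signature).
    // The signature is NOT verified; this only inspects claims for debugging.
    static String payloadJson(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Minimal string-claim lookup. A real tool should use a JSON parser:
    // this regex ignores escapes and an array-valued "aud".
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"")
                           .matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // Compare the token's iss/aud with the provider's issuer and allowed audiences.
    static String diagnose(String jwt, String issuer, Set<String> audiences) {
        String json = payloadJson(jwt);
        String iss = claim(json, "iss"), aud = claim(json, "aud");
        if (!issuer.equals(iss)) return "issuer mismatch: " + iss;
        if (aud == null || !audiences.contains(aud)) return "audience not allowed: " + aud;
        return "claims match config";
    }

    // Build a constructed sample token with a dummy signature segment.
    static String sampleJwt(String payload) {
        Base64.Encoder e = Base64.getUrlEncoder().withoutPadding();
        return e.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + e.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".c2ln";
    }

    public static void main(String[] args) {
        String issuer = "MY_SERVICE_ACCOUNT_ID";  // placeholder from the posted YAML
        Set<String> allowed = Set.of("https://MY_SERVICE_CONFIGURATION_NAME");  // assumed default
        String prefix = "{\"iss\":\"" + issuer + "\",\"aud\":\"";
        String other = sampleJwt(prefix + "https://example.invalid/reporter.Reporter\"}");
        String match = sampleJwt(prefix + "https://MY_SERVICE_CONFIGURATION_NAME\"}");
        System.out.println(diagnose(other, issuer, allowed));
        System.out.println(diagnose(match, issuer, allowed));
    }
}
```

Requires Java 9 or later for `Set.of`. To inspect a real token, pass the bearer value from the request's `authorization` metadata to `diagnose` in place of the constructed samples.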
