https://github.com/google/google-auth-library-java provides a ServiceAccountJwtAccessCredentials you can use.
https://github.com/google/google-auth-library-java/blob/master/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java#L204

The jwt authorization header is set with this method:
https://github.com/google/google-auth-library-java/blob/0d27d88798b299a4eda987171f34292cec73ec6c/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java#L252

On Thursday, August 24, 2017 at 10:50:06 AM UTC-7, julie wrote:
>
> Hi, I'm trying to get my Google Cloud Endpoints project with gRPC working
> with an OAuth2.0 authentication provider using GoogleCredentials
>
> I followed the steps in this tutorial and could make an authenticated
> request by generating the jwt token and setting the audience and issuer etc
>
> https://cloud.google.com/endpoints/docs/using-service-to-service-authentication-grpc#make_an_authenticated_grpc_call
>
> But we need to use GoogleCredentials for authentication and I have tried
> making the client request in several ways but it did not work out
>
> Below is the relevant piece of my Client code along with my
> api_config_auth.yaml file
>
> *CLIENT:*
>
>     public class ReporterClient {
>
>       public static void main(String[] args) throws Exception {
>         // Create gRPC stub.
>         ReporterGrpc.ReporterBlockingStub reporterBlockingStub =
>             createReporterStub(host, port);
>         getParams(reporterBlockingStub, domain, type, objectName, data);
>       }
>
>       // Send Request to Server
>       public static void getParams(ReporterGrpc.ReporterBlockingStub reporterBlockingStub,
>           String domain, String type, String objectName, String data) {
>         GenerateReportRequest request = GenerateReportRequest.newBuilder()
>             .setDomain(domain).setType(type).setObjectName(objectName).setData(data)
>             .build();
>         GenerateReportResponse response = reporterBlockingStub.generateReport(request);
>       }
>
>       // Version 1: Without scopes
>       public static ReporterGrpc.ReporterBlockingStub createReporterStub(
>           String host, int port) throws Exception {
>         Channel channel = ManagedChannelBuilder.forAddress(host, port)
>             .usePlaintext(true).build();
>         GoogleCredentials googleCredentials =
>             Environment.get().computeEngineDefaultCredentials();
>         return ReporterGrpc.newBlockingStub(channel)
>             .withCallCredentials(MoreCallCredentials.from(googleCredentials));
>       }
>
>       // Version 2: With scopes
>       public static ReporterGrpc.ReporterBlockingStub createReporterStubTry(
>           String host, int port) throws Exception {
>         Channel channel = ManagedChannelBuilder.forAddress(host, port)
>             .usePlaintext(true).build();
>         List<String> scopes = new ArrayList<>();
>         scopes.add("https://MY_SERVICE_CONFIGURATION_NAME");
>         GoogleCredentials googleCredentials =
>             Environment.get().computeEngineDefaultCredentials().createScoped(scopes);
>         return ReporterGrpc.newBlockingStub(channel)
>             .withCallCredentials(MoreCallCredentials.from(googleCredentials));
>       }
>     }
>
> *YAML File : API_CONFIG_AUTH.yaml:*
>
>     # Reporter gRPC API configuration.
>     type: google.api.Service
>     config_version: 3
>
>     # Name of the service configuration.
>     name: MY_SERVICE_CONFIGURATION_NAME
>
>     # API title to appear in the user interface (Google Cloud Console).
>     title: Reporter gRPC API
>     apis:
>     - name: reporter.Reporter
>
>     # API usage restrictions.
>     usage:
>       rules:
>       # GenerateReport method can be called without an API Key.
>       - selector: reporter.Reporter.GenerateReport
>         allow_unregistered_calls: true
>
>     # Request authentication.
>     authentication:
>       providers:
>       - id: google_service_account
>         # Replace SERVICE-ACCOUNT-ID with your service account's email address.
>         issuer: MY_SERVICE_ACCOUNT_ID
>         jwks_uri: https://www.googleapis.com/robot/v1/metadata/x509/MY_SERVICE_ACCOUNT_ID
>       rules:
>       # This auth rule will apply to all methods.
>       - selector: "*"
>         requirements:
>           - provider_id: google_service_account
>
> *// Error for Version 1: Without scopes*
>
>     Exception in thread "main" io.grpc.StatusRuntimeException: PERMISSION_DENIED: JWT validation failed: Audience not allowed
>         at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:212)
>         at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:193)
>         at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:126)
>         at com.soliduslink.vault.reporter.endpoints.ReporterGrpc$ReporterBlockingStub.generateReport(ReporterGrpc.java:138)
>         at com.soliduslink.vault.reporter.endpoints.ReporterClient.getParams(ReporterClient.java:143)
>         at com.soliduslink.vault.reporter.endpoints.ReporterClient.main(ReporterClient.java:118)
>
> *// Error for Version 2: With scopes*
>
>     Exception in thread "main" io.grpc.StatusRuntimeException: UNAUTHENTICATED
>         at io.grpc.stub.ClientCalls.toStatusRuntimeException(ClientCalls.java:212)
>         at io.grpc.stub.ClientCalls.getUnchecked(ClientCalls.java:193)
>         at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:126)
>         at com.soliduslink.vault.reporter.endpoints.ReporterGrpc$ReporterBlockingStub.generateReport(ReporterGrpc.java:138)
>         at com.soliduslink.vault.reporter.endpoints.ReporterClient.getParams(ReporterClient.java:143)
>         at com.soliduslink.vault.reporter.endpoints.ReporterClient.main(ReporterClient.java:118)
>     Caused by: java.io.IOException: Error parsing token refresh response. Expected value access_token not found.
>         at com.google.auth.oauth2.OAuth2Utils.validateString(OAuth2Utils.java:116)
>         at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:371)
>         at com.google.auth.oauth2.OAuth2Credentials.refresh(OAuth2Credentials.java:149)
>         at com.google.auth.oauth2.OAuth2Credentials.getRequestMetadata(OAuth2Credentials.java:135)
>         at io.grpc.auth.GoogleAuthLibraryCallCredentials$1.run(GoogleAuthLibraryCallCredentials.java:95)
>         at io.grpc.stub.ClientCalls$ThreadlessExecutor.waitAndDrain(ClientCalls.java:575)
>         at io.grpc.stub.ClientCalls.blockingUnaryCall(ClientCalls.java:120)
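
An added example, not part of the thread and not code from either library's authors: it signs a JWT locally with the `ServiceAccountJwtAccessCredentials` class suggested in the reply and decodes the `aud` claim that ends up in the `Authorization` header, which is the claim the "Audience not allowed" error refers to. The throwaway RSA key, the `constructed-*` identifiers, the helper names and the audience value `https://MY_SERVICE_CONFIGURATION_NAME` (reusing the placeholder from the question) are assumptions.

```java
import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JwtAudienceCheck {
  // Assumed audience for the endpoint; the placeholder name comes from the question.
  static final URI EXPECTED_AUDIENCE = URI.create("https://MY_SERVICE_CONFIGURATION_NAME");

  // Decode the claims (second segment) of a "Bearer <header>.<claims>.<signature>" value.
  static String claimsOf(String authorization) {
    String[] parts = authorization.substring("Bearer ".length()).split("\\.");
    if (parts.length != 3) {
      throw new IllegalArgumentException("not a compact JWT");
    }
    return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
  }

  // Pull a single string-valued "aud" claim out of the claims JSON.
  static String audienceOf(String claimsJson) {
    Matcher m = Pattern.compile("\"aud\"\\s*:\\s*\"([^\"]*)\"").matcher(claimsJson);
    return m.find() ? m.group(1) : null;
  }

  public static void main(String[] args) throws Exception {
    // Constructed throwaway key and identifiers so the example runs offline;
    // a real client would load the service account key file with fromStream(...).
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair keyPair = generator.generateKeyPair();
    String pem = "-----BEGIN PRIVATE KEY-----\n"
        + Base64.getMimeEncoder().encodeToString(keyPair.getPrivate().getEncoded())
        + "\n-----END PRIVATE KEY-----\n";
    ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.fromPkcs8(
        "constructed-client-id", "MY_SERVICE_ACCOUNT_ID", pem, "constructed-key-id");

    // The URI passed here becomes the aud claim; the JWT is signed locally.
    Map<String, List<String>> metadata = credentials.getRequestMetadata(EXPECTED_AUDIENCE);
    String claims = claimsOf(metadata.get("Authorization").get(0));
    System.out.println(claims);
    System.out.println("aud matches: " + EXPECTED_AUDIENCE.toString().equals(audienceOf(claims)));
  }
}
```

Run it with google-auth-library-oauth2-http on the classpath and compare the printed `iss` and `aud` with the `issuer` and the audience the service configuration accepts.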
