1

I am trying to use Google cloud's natural language API at work, and I believe my corporate firewall is blocking communication between python and google cloud.

After entering the following in the terminal:

gcloud auth application-default login

My browser opens up to log into my google account successfully. After I log in, however, I get

ERROR: There was a problem with web authentication. Try running a
gain with --no-launch-browser.

ERROR: (gcloud.auth.application-default.login) Could not reach th
e login server. A potential cause of this could be because you ar
e behind a proxy. Please set the environment variables HTTPS_PROX
Y and HTTP_PROXY to the address of the proxy in the format "proto
col://address:port" (without quotes) and try again.
Example: HTTPS_PROXY=https://192.168.0.1:8080

I believe I need to contact my IT department to add an exception to our firewall. Does anyone know what the address / port for google cloud's natural language processing API is?

Lee88
  • 1,185
  • 3
  • 15
  • 27

1 Answers1

2

I can't directly answer your question but I can provide some general guidance that might workaround your issue.

The command

gcloud auth application-default login

Is a convenience helper for running sample code locally but it's really not the best auth strategy for a variety of reasons. It uses a special client ID that won't always have all your quota.

The way I would recommend using the API is Service Accounts. You can create a Service Account in the Cloud Console under API credentials, and then download a JSON key. Then you set the environment variable GOOGLE_APPLICATION_CREDENTIALS to point to your file, and it will automatically work assuming you are using Application Default Credentials (which most samples and client libraries use).

On App Engine, and Compute Engine (assuming you created the VM with the correct scopes) Service Accounts exist by default so you don't even need to download the JSON and set the environment variable.

The other way you can use the API is just creating an API Key, then hit the HTTP endpoints with ?key=api-key at the end of the URL. API Keys are also less than ideal (no idea who client is, no scopes), but are a simple option.

In your case, I'd recommend using JSON service account keys and the environment variable, but it's worth reading the official authentication guide.

Bill Prin
  • 2,498
  • 1
  • 20
  • 27
  • Your suggestion of using a service account worked, but could you elaborate on "... then hit the HTTP endpoints with ?key=api-key at the end of the URL" ? I have successfully generated an API key within the google cloud console, and now I should go to my terminal and change something? Or is this a python setting? – Lee88 Mar 02 '17 at 21:53
  • 1
    @Lee88 the way api keys get used is by adding the api key as URL param when hitting the HTTP/REST endpoint as I described. So you could for example just use a regular HTTP client package like requests to hit the endpoint and set the API key as a URL param. But yeah usually you use a Pyton client library. If you're using google-api-python-client (old general purpose one) you use developerKey=api-key argument in service.build(). If you're using google-cloud-python (modern client), it doesn't support API keys. Why? Because API keys aren't really a great idea as mentioned so they're discouraged. – Bill Prin Mar 03 '17 at 05:40
  • If you get service accounts working best to stick with them because they have the most fine-grained access control and by far the least likely to give you a headache. The API key is most useful if you are just messing around with curl or something. – Bill Prin Mar 03 '17 at 05:41