How to get access token programatically for GCP Compute API

Question

I need some help for access tokens in GCP. I am using Java as program language and I tried different approaches like: https://cloud.google.com/iap/docs/authentication-howto and https://developers.google.com/identity/protocols/OAuth2ServiceAccount#jwt-auth

I am using the second approach. Code snippet:

 String privateKeyId = "my-private-key";

    long now = System.currentTimeMillis();

    String signedJwt = null;

    try {
        Algorithm algorithm = Algorithm.RSA256(null, privateKey);
         signedJwt = JWT.create()
                .withKeyId(privateKeyId)
                .withIssuer("my-issuer")
                .withSubject("my-subject")
             .withAudience("https://www.googleapis.com/compute/v1/compute.machineTypes.list")
                .withIssuedAt(new Date(now))
                .withExpiresAt(new Date(now + 3600 * 1000L))
                .sign(algorithm);
    } catch (Exception e){
        e.printStackTrace();
    }

    return signedJwt;

Then I perform get instances setting the returned token as Bearer authorization header but response is:

 com.google.api.client.http.HttpResponseException: 401 Unauthorized
     {
     "error": {
     "errors": [
       {
       "domain": "global",
       "reason": "authError",
       "message": "Invalid Credentials",
       "locationType": "header",
       "location": "Authorization"
       }
       ],
       "code": 401,
    "message": "Invalid Credentials"
       }
       }

With same credentials I am able to access the SDK.

Thanks!

Remember that the code for a service account is not the same as the code for Oauth2 and neither are the clients that are created. — Linda Lawton - DaImTo, Sep 07 '18 at 11:27
Thanks for response. This is what I am trying to figure out. How can I retrieve access token through service account? — user2739823, Sep 07 '18 at 11:31
you should be using the java client library its going to be easier and the user credentials returned will have an access token you can use — Linda Lawton - DaImTo, Sep 07 '18 at 11:57
You've tagged both App Engine and Compute Engine. The answers are likely going to be different. Which platform is your code actually hosted? — BrettJ, Sep 08 '18 at 19:03

score 0 · Answer 1 · edited Jun 15 '19 at 00:45

0

As per @DalmTo, you should be using the client library for Java. This is the link to get you started.

edited Jun 15 '19 at 00:45

simhumileco

31,877
16
137
115

answered Sep 07 '18 at 18:07

dany L

2,456
6
12

How to get access token programatically for GCP Compute API

1 Answers1