0

I have an esp32 board connected to a SIM800L gsm/gprs module. I'm using TinyGSM library for this project. Somehow I cannot get my setup to publish data succesfully through an http bridge to the Google cloud. Previously I ran the examples shown on the documentation on how to do this using curl, and I was succesful.

curl -X POST -H 'authorization: Bearer JWT' -H 'content-type: application/json' --data '{"state": {"binary_data": "DATA"}}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/{project-id}/locations/{cloud-region}/registries/{registry-id}/devices/{deviceid}:setState'

When I generate the supposed same request with TinyGSM and the esp32, I always get the same http response from the google server:

"error": { "code": 403, "message": "The caller does not have permission", "status": "PERMISSION_DENIED" }

At first I thought it had something to do with an incorrect JWT, but when changed deliberately to a wrong one, the error message changes to:

"error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "status": "UNAUTHENTICATED" }

So I guess I can rule out a possible invalid JWT

I suspect there might be something wrong with my project configurations, but if that's the case I don't understand why it always works with curl but never with the esp32.

Iván Pianetti
  • 9
  • 1
  • My educated guess is that your Arduino messes up something with authorisation and you get the "access denied". Have a look at [this port](https://stackoverflow.com/questions/36540032/understanding-curl-post-request-command-that-contains-multiple-content-type-head) to understand what curl actually does and maybe this will give you some idea how to make arduino pass everything in a way GCP API will understand. – Wojtek_B Aug 12 '20 at 15:11
  • On a cesond thought - this sounds like lack of some IAM permiossions when making calls from Arduino; (403 is authenticated (with Google) but unauthorized to a resource) – Wojtek_B Aug 13 '20 at 08:46
  • Thank you very much for the pieces of advice. I'll try them and let you know what happens. – Iván Pianetti Aug 13 '20 at 12:15
  • Having a look at the ouput of curl, gave a very useful insight. I copied every header item used by curl to my code but yet no lucky. I even changed the user-agent header to match the one used by curl. After that I checked the roles and permissions in IAM. I added the role "Service Account Token Creator" to all the members in my project but again without success. @W_B – Iván Pianetti Aug 13 '20 at 19:01
  • From your firrst quatation it looks like it's the "authorisation" issue (so GCP's API recognizes your credentials) - maybe you removed the reqired role from the service account you're using or you're using another one on Arduino ?? – Wojtek_B Aug 21 '20 at 10:36
  • @Wojtek_B I have same issue: https://github.com/GoogleCloudPlatform/google-cloud-iot-arduino/issues/23 in this project: http://nilhcem.com/iot/cloud-iot-core-with-the-esp32-and-arduino – neuberfran Sep 24 '20 at 01:27
  • @Iván Pianetti Can you help in comment above – neuberfran Sep 24 '20 at 01:35

0 Answers0