0

I created a service account with the roles: Document AI Administrator and Service Account Key Admin.

However, when I try to fetch an access token using googleauth (1.7.0) Ruby gem, i get the following error:

Signet::AuthorizationError (Authorization failed.  Server message:)
{"error":"invalid_grant","error_description":"Invalid JWT Signature."}

Here's my code that I'm running locally on my command line:

scope = 'https://www.googleapis.com/auth/cloud-platform'

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('path_to_private_key_file_of_service_account.json'),
  scope: scope)

authorizer.fetch_access_token!

I can get this to work when I have a user that has "ALL" permissions granted, so I know it's a permissions issue, but I don't know which roles/permissions are needed to request the access token. ?

Kamilski81
  • 14,409
  • 33
  • 108
  • 161

1 Answers1

1

You can set the service account as Application Default Credentials for your local development environment, then the client library should pick it up automatically.

Also according to the Document AI Ruby Client Library Documentation - Authentication you can use the following code to initialize a Document AI client for ruby using a credentials.json file:

require "google/cloud/document_ai"

client = Google::Cloud::DocumentAI.document_processor_service do |config|
  config.credentials = "path/to/keyfile.json"
end

or for all Document AI clients

require "google/cloud/document_ai"

Google::Cloud::DocumentAI.configure do |config|
  config.credentials = "path/to/keyfile.json"
end

client = Google::Cloud::DocumentAI.document_processor_service
Holt Skinner
  • 1,692
  • 1
  • 8
  • 21