ServiceAccountJwtAccessCredentials example? #552

Open
grandpaslab opened this issue May 8, 2024 · 4 comments
@grandpaslab

I'm attempting to use ServiceAccountJwtAccessCredentials to connect to a 3rd-party Google Cloud endpoint. AFAICT there's no example for using this class, and I haven't been able to get it to work. I've got a Python example working, so I know the audience and whatnot are correct. I've cobbled together some code based on the ServiceAccountCredentials example, but I can't tell what I'm doing wrong. The error I'm getting from the API is 401: "jwt is missing".

```php
$path = 'cred.json';
$sa = new ServiceAccountJwtAccessCredentials($path);

$metadata = $sa->updateMetadata(
    [
       'issuer' => '[email protected]',
       'client_email' => '[email protected]',
       'audience' => 'https://ham-sandwich.a.run.app'
    ],
    "https://accounts.google.com/o/oauth2/auth" # auth_uri
);

$middleware = new AuthTokenMiddleware($sa);
$stack = HandlerStack::create();
$stack->push($middleware);
$client = new Client([
    'handler' => $stack,
    'base_uri' => $BASE_URI,
    'auth' => 'google_auth'
]);

$res = $client->request('POST', $SERVICE_URI, [
    ['body' => json_encode($quote_data)]
]);
```

Can an example for using this class be added to the docs?

@Hectorhammett Hectorhammett self-assigned this Jun 14, 2024
@Hectorhammett
Contributor

Hello @grandpaslab!

By any chance, have you had the opportunity to debug if the token is being sent to the 3rd party at all? Or is it completely missing?

@grandpaslab
Author

Hi @Hectorhammett,

Unfortunately no. I gave up and wrote a separate microservice in Python that just gets the JWT. Would've been nice to keep it in PHP, since this was for a WordPress integration, but I didn't have time to fight with it anymore.

@Hectorhammett
Contributor

That's weird, nothing stands out as being wrong with this. I wonder if the 3rd party was not sending the token to the Google API, but the mention that Python works makes me doubt that. I will take a deeper look and confirm if there is a bug in the code or not.

Thanks for the message!

@bshaffer
Contributor

bshaffer commented Jul 2, 2024

@grandpaslab The issue is that either a $scope or $authUri are required to use the Self Signed JWTs, and since AuthTokenMiddleware does not pass in an $authUri (this may be something that python does... if so we may be able to fix it...), you need to add scopes as the second argument when creating the ServiceAccountJwtAccessCredentials class if you want this to work:

```php
$path = 'cred.json';
$scope = 'https://www.googleapis.com/auth/cloud-platform';
$sa = new ServiceAccountJwtAccessCredentials($path, $scope);
```

Additionally, you seem to be calling updateMetadata for no reason.

I am curious what the behavior of Python is, as we typically try to have feature and behavior parity with their implementation. Would you be able to provide us with a sample of what you're doing?
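
Added example (not posted by anyone in this thread, and not code from the google/auth project): an offline way to answer the question raised above, whether the token is sent at all, by recording the outgoing request with Guzzle's history middleware against a `MockHandler`. The key is generated at run time, and the service-account e-mail, request URL and the helper name `sentAuthHeader` are constructed placeholders.

```php
<?php
// Added example: offline check of whether AuthTokenMiddleware attaches a token.
// Assumes google/auth and guzzlehttp/guzzle are installed via Composer.
require 'vendor/autoload.php';

use Google\Auth\Credentials\ServiceAccountJwtAccessCredentials;
use Google\Auth\Middleware\AuthTokenMiddleware;
use GuzzleHttp\Client;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;

// Throwaway RSA key generated at run time; it stands in for cred.json and
// never leaves this process. All values below are constructed placeholders.
$pkey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pkey, $pem);
$jsonKey = [
    'type' => 'service_account',
    'client_email' => 'example-sa@example-project.iam.gserviceaccount.com',
    'private_key' => $pem,
];

// Sends one request through the same middleware stack as in the issue, but
// against a MockHandler, and returns the Authorization header that was sent.
function sentAuthHeader(ServiceAccountJwtAccessCredentials $sa): string
{
    $history = [];
    $stack = HandlerStack::create(new MockHandler([new Response(200)]));
    $stack->push(new AuthTokenMiddleware($sa));
    $stack->push(Middleware::history($history)); // pushed last: sees final request
    $client = new Client(['handler' => $stack, 'auth' => 'google_auth']);
    $client->request('POST', 'https://service.example/quote', ['body' => '{}']);
    return $history[0]['request']->getHeaderLine('Authorization');
}

$scope = 'https://www.googleapis.com/auth/cloud-platform';
$cases = [
    'no scope' => new ServiceAccountJwtAccessCredentials($jsonKey),
    'with scope' => new ServiceAccountJwtAccessCredentials($jsonKey, $scope),
];
foreach ($cases as $label => $sa) {
    $header = sentAuthHeader($sa);
    // Report presence only; never log the token itself.
    echo $label, ': ', $header === '' ? 'no Authorization header' : 'Bearer token attached', PHP_EOL;
}
```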
