Comments (4)
Sorry for the delay in getting to this.
After further review, this looks like a legit bug - BigQuery is using the older generated clients (com.google.apis:google-api-services-bigquery) and it's not supplying an audience id for the request when requesting getRequestMetadata()
from the credentials.
from google-auth-library-java.
So is the bug here or in BigQuery? Do we need to upgrade BigQuery to the latest auth library? Or fix its calls? Or both?
from google-auth-library-java.
Finally, getting back to this issue - it has 2 parts:
First, is the exception which seems to be a bug and is addressed in #223 - the request initializer is trying to build a token before the request's URI is set. We can delay fetching the token until right before the request is executed using an HttpRequestInterceptor.
Second, is that this use case won't work as the BigQuery API does not allow for signed JWTs - it requires an OAuth 2.0 token so the ServiceAccountJWTCredentials cannot be used against it.
from google-auth-library-java.
It sounds like there's nothing actionable on this issue in the google-auth-library-java
repo. Please contact the BigQuery team for support or a feature request (https://cloud.google.com/bigquery/support) for the signed JWT credentials support.
from google-auth-library-java.
Related Issues (20)
- Add reactor Bindings HOT 3
- The horror of chain reaction (GoogleCredentials) HOT 1
- Allow usage of ExternalAccountCredentials custom implementation HOT 2
- unchecked casts are bad practice, but allowed globally in pom.xml
- Add native image support for credentials and appengine modules
- impersonated_service_account not recognized HOT 1
- ExternalAccountCredentials serialization is broken HOT 1
- com.google.firebase.messaging.FirebaseMessagingException: Unknown error while making a remote service call: Error getting access token for service account: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 405 Method Not Allowed", HOT 2
- [kms]: Missing credentials leads to misleading exception and pointless retry loop HOT 4
- DefaultPKCEProvider challenge rejected HOT 4
- Method implementation and logic isOnGAEStandard7() is incorrect for java21 jetty which does not define the old jetty logging class. HOT 2
- External documentation is outdated - latest published version is 1.20.0 HOT 1
- AppEngineCredential depends on legacy bundled service HOT 4
- Failing while building google-auth-library-java version v1.6.0 using mvn clean install HOT 6
- Migrating old GoogleCredential object to new GoogleCredentials object for OAuth HOT 4
- ComputeEngineCredentials.createScoped copies existing AccessToken HOT 4
- Previously, I use google-cloud-vertexai 0.3. I can't use service account json in 1.3. HOT 1
- Workload identity federation doesn't support full aws credential sources. HOT 2
- ComputeEngineCredentials does not handle error response from the metadata server correctly HOT 1
- Google Play Publisher with Proxy Authentication
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from google-auth-library-java.