英文:
400 Bad request when generating the Google API access token using Go iamcredentials client API
问题
我正在尝试使用iamcredentials Go API客户端来生成一个Access Token,以通过REST API访问一些Google API。我正在使用以下代码:
package main
import (
"context"
"log"
"google.golang.org/api/iamcredentials/v1"
)
func main() {
iamcredentialsService, err := iamcredentials.NewService(context.Background())
if err != nil {
log.Println("初始化iamcredential服务时出错", err)
return
}
accessTokenCall := iamcredentialsService.Projects.ServiceAccounts.GenerateAccessToken(
"projects/-/serviceAccounts/some-sa@some-project-id.iam.gserviceaccount.com:generateAccessToken",
&iamcredentials.GenerateAccessTokenRequest{
Scope: []string{
iamcredentials.CloudPlatformScope,
},
},
)
iamResp, err := accessTokenCall.Do()
if err != nil {
log.Println("生成访问令牌时出错", err)
return
}
log.Println(iamResp)
}
但是当我尝试运行上面的代码片段时,我收到了以下消息:
go run main.go
生成访问令牌时出错 googleapi: Error 400: Request contains an invalid argument., badRequest
有没有办法检查是哪个部分导致了上述响应?我不确定,因为没有一个好的实现示例。任何帮助将不胜感激,谢谢。
备注:
- 我已经查看了关于此主题的以下文档:https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials 和 https://pkg.go.dev/google.golang.org/api/iamcredentials/v1#pkg-overview
- 我已经使用IAM上的
Service Account Token Creator角色设置了服务帐号,并且还从控制台启用了IAM API - 我还根据建议将
GOOGLE_APPLICATION_CREDENTIALS添加到环境变量中
英文:
I am trying to implement iamcredentials Go API client to generate an Access Token to access some Google APIs via REST API, I am using this code
package main
import (
"context"
"log"
"google.golang.org/api/iamcredentials/v1"
)
func main() {
iamcredentialsService, err := iamcredentials.NewService(context.Background())
if err != nil {
log.Println("error initialize iamcredential Service ", err)
return
}
accessTokenCall := iamcredentialsService.Projects.ServiceAccounts.GenerateAccessToken(
"projects/-/serviceAccounts/some-sa@some-project-id.iam.gserviceaccount.com:generateAccessToken",
&iamcredentials.GenerateAccessTokenRequest{
Scope: []string{
iamcredentials.CloudPlatformScope,
},
},
)
iamResp, err := accessTokenCall.Do()
if err != nil {
log.Println("error generate access token", err)
return
}
log.Println(iamResp)
}
But when I tried to run the above snippet, I got this message
go run main.go
error generate access token googleapi: Error 400: Request contains an invalid argument., badRequest
Is there any way to check which one is causing the above response? I am not sure since there isn't any good example of implementation. Any help would be appreciated, Thanks.
Notes :
- I have checked following documentation on this topic https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and this https://pkg.go.dev/google.golang.org/api/iamcredentials/v1#pkg-overview
- I have already setup the Service account using
Service Account Token Creatorrole on IAM and also enabled the IAM API from the console - Also I have added
GOOGLE_APPLICATION_CREDENTIALSto the environment variables as suggested
答案1
得分: 0
@DanielFarrell 是正确的,你需要删除末尾的 :generateAccessToken。这是代码中的文档说明。不要犹豫去探索它,它是开源的 
// GenerateAccessToken: 生成一个服务账号的 OAuth 2.0 访问令牌。
//
// - name: 请求凭据的服务账号的资源名称,格式如下:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`。`-` 通配符是必需的;用项目 ID 替换它是无效的。
func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall {
c := &ProjectsServiceAccountsGenerateAccessTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
c.generateaccesstokenrequest = generateaccesstokenrequest
return c
}
英文:
@DanielFarrell is right, you need to remove the :generateAccessToken at the end. Here the documentation in the code. Don't hesitate to explore it, it's open source
// GenerateAccessToken: Generates an OAuth 2.0 access token for a
// service account.
//
// - name: The resource name of the service account for which the
// credentials are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
// wildcard character is required; replacing it with a project ID is
// invalid.
func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall {
c := &ProjectsServiceAccountsGenerateAccessTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
c.generateaccesstokenrequest = generateaccesstokenrequest
return c
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论