生成Google API访问令牌时,使用Go iamcredentials客户端API时出现400错误请求。

huangapple go评论89阅读模式
英文:

400 Bad request when generating the Google API access token using Go iamcredentials client API

问题

我正在尝试使用iamcredentials Go API客户端来生成一个Access Token,以通过REST API访问一些Google API。我正在使用以下代码:

package main

import (
	"context"
	"log"

	"google.golang.org/api/iamcredentials/v1"
)

func main() {
	iamcredentialsService, err := iamcredentials.NewService(context.Background())
	if err != nil {
		log.Println("初始化iamcredential服务时出错", err)
		return
	}
	accessTokenCall := iamcredentialsService.Projects.ServiceAccounts.GenerateAccessToken(
		"projects/-/serviceAccounts/some-sa@some-project-id.iam.gserviceaccount.com:generateAccessToken",
		&iamcredentials.GenerateAccessTokenRequest{
			Scope: []string{
				iamcredentials.CloudPlatformScope,
			},
		},
	)

	iamResp, err := accessTokenCall.Do()
	if err != nil {
		log.Println("生成访问令牌时出错", err)
		return
	}

	log.Println(iamResp)
}

但是当我尝试运行上面的代码片段时,我收到了以下消息:

go run main.go 

生成访问令牌时出错 googleapi: Error 400: Request contains an invalid argument., badRequest

有没有办法检查是哪个部分导致了上述响应?我不确定,因为没有一个好的实现示例。任何帮助将不胜感激,谢谢。

备注:

  • 我已经查看了关于此主题的以下文档:https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials 和 https://pkg.go.dev/google.golang.org/api/iamcredentials/v1#pkg-overview
  • 我已经使用IAM上的Service Account Token Creator角色设置了服务帐号,并且还从控制台启用了IAM API
  • 我还根据建议将GOOGLE_APPLICATION_CREDENTIALS添加到环境变量中
英文:

I am trying to implement iamcredentials Go API client to generate an Access Token to access some Google APIs via REST API, I am using this code

    package main

    import (
    	"context"
    	"log"

    	"google.golang.org/api/iamcredentials/v1"
    )

    func main() {
    	iamcredentialsService, err := iamcredentials.NewService(context.Background())
    	if err != nil {
    		log.Println("error initialize iamcredential Service ", err)
    		return
    	}
    	accessTokenCall := iamcredentialsService.Projects.ServiceAccounts.GenerateAccessToken(
    		"projects/-/serviceAccounts/some-sa@some-project-id.iam.gserviceaccount.com:generateAccessToken",
    		&iamcredentials.GenerateAccessTokenRequest{
    			Scope: []string{
    				iamcredentials.CloudPlatformScope,
    			},
    		},
    	)

    	iamResp, err := accessTokenCall.Do()
    	if err != nil {
    		log.Println("error generate access token", err)
    		return
    	}

    	log.Println(iamResp)
    }

But when I tried to run the above snippet, I got this message

go run main.go 

error generate access token googleapi: Error 400: Request contains an invalid argument., badRequest

Is there any way to check which one is causing the above response? I am not sure since there isn't any good example of implementation. Any help would be appreciated, Thanks.

Notes :

答案1

得分: 0

@DanielFarrell 是正确的,你需要删除末尾的 :generateAccessToken。这是代码中的文档说明。不要犹豫去探索它,它是开源的 生成Google API访问令牌时,使用Go iamcredentials客户端API时出现400错误请求。

// GenerateAccessToken: 生成一个服务账号的 OAuth 2.0 访问令牌。
//
// - name: 请求凭据的服务账号的资源名称,格式如下:
//   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`。`-` 通配符是必需的;用项目 ID 替换它是无效的。
func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall {
	c := &ProjectsServiceAccountsGenerateAccessTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.generateaccesstokenrequest = generateaccesstokenrequest
	return c
}
英文:

@DanielFarrell is right, you need to remove the :generateAccessToken at the end. Here the documentation in the code. Don't hesitate to explore it, it's open source 生成Google API访问令牌时,使用Go iamcredentials客户端API时出现400错误请求。

// GenerateAccessToken: Generates an OAuth 2.0 access token for a
// service account.
//
// - name: The resource name of the service account for which the
//   credentials are requested, in the following format:
//   `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
//   wildcard character is required; replacing it with a project ID is
//   invalid.
func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall {
	c := &ProjectsServiceAccountsGenerateAccessTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
	c.name = name
	c.generateaccesstokenrequest = generateaccesstokenrequest
	return c
}

huangapple
  • 本文由 发表于 2021年9月28日 12:42:39
  • 转载请务必保留本文链接:https://go.coder-hub.com/69355904.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定