Thanks for stopping by to let us know something could be better!
PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.
Please run down the following list and make sure you've tried the usual "quick fixes":
If you are still having issues, please include as much information as possible:
Environment details
- GCE / ComputeEngineCredentials
- OS type and version:
- Java version: 11
- version(s):
Steps to reproduce
Occasionally we see errors refreshing a token, with the actual source of the error being:
https://github.com/googleapis/google-http-java-client/blob/9f389ef89195af77eff8f1e1c1c9ee9bf9c7792c/google-http-client/src/main/java/com/google/api/client/json/webtoken/JsonWebSignature.java#L544
Following through the code I get back to here
|
public IdToken idTokenWithAudience(String targetAudience, List<IdTokenProvider.Option> options) |
:
GenericUrl documentUrl = new GenericUrl(getIdentityDocumentUrl());
if (options != null) {
if (options.contains(IdTokenProvider.Option.FORMAT_FULL)) {
documentUrl.set("format", "full");
}
if (options.contains(IdTokenProvider.Option.LICENSES_TRUE)) {
// license will only get returned if format is also full
documentUrl.set("format", "full");
documentUrl.set("license", "TRUE");
}
}
documentUrl.set("audience", targetAudience);
HttpResponse response = getMetadataResponse(documentUrl.toString());
InputStream content = response.getContent();
if (content == null) {
throw new IOException("Empty content from metadata token server request.");
}
String rawToken = response.parseAsString();
return IdToken.create(rawToken);
So - purely speculating - it looks to me that the HTTP request may sometimes not error out but instead return a non-200 response with an error in the body which is then not parsable as a token. I have no proof of this but it seems plausible based on the code.
If this is happening IMO it would be better to have a more specific error, the IllegalArgumentException is very odd and confusing, though of course the end result is the same (i.e. the token is not refreshed).
Code example
Stack trace
java.lang.IllegalArgumentException: null
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:131)
at com.google.api.client.util.Preconditions.checkArgument(Preconditions.java:35)
at com.google.api.client.json.webtoken.JsonWebSignature$Parser.parse(JsonWebSignature.java:544)
at com.google.api.client.json.webtoken.JsonWebSignature.parse(JsonWebSignature.java:479)
at com.google.auth.oauth2.IdToken.create(IdToken.java:80)
at com.google.auth.oauth2.IdToken.create(IdToken.java:68)
at com.google.auth.oauth2.ComputeEngineCredentials.idTokenWithAudience(ComputeEngineCredentials.java:261)
at com.spotify.eventsender.grpc.DefaultIdTokenProvider.idTokenWithAudience(DefaultIdTokenProvider.java:25)
at com.google.auth.oauth2.IdTokenCredentials.refreshAccessToken(IdTokenCredentials.java:124)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:257)
at com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:254)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
...
External references such as API reference guides
Any additional information below
Following these steps guarantees the quickest resolution possible.
Thanks!
Thanks for stopping by to let us know something could be better!
PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.
Please run down the following list and make sure you've tried the usual "quick fixes":
If you are still having issues, please include as much information as possible:
Environment details
Steps to reproduce
Occasionally we see errors refreshing a token, with the actual source of the error being:
https://github.com/googleapis/google-http-java-client/blob/9f389ef89195af77eff8f1e1c1c9ee9bf9c7792c/google-http-client/src/main/java/com/google/api/client/json/webtoken/JsonWebSignature.java#L544
Following through the code I get back to here
google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java
Line 241 in c813d55
So - purely speculating - it looks to me that the HTTP request may sometimes not error out but instead return a non-200 response with an error in the body which is then not parsable as a token. I have no proof of this but it seems plausible based on the code.
If this is happening IMO it would be better to have a more specific error, the IllegalArgumentException is very odd and confusing, though of course the end result is the same (i.e. the token is not refreshed).
Code example
// exampleStack trace
External references such as API reference guides
Any additional information below
Following these steps guarantees the quickest resolution possible.
Thanks!