Call an authenticated service using service account #527

Open
leokury opened this issue Mar 27, 2023 · 1 comment

leokury commented Mar 27, 2023

I have my Flutter app running under a service account and my API running under another service account. My API only accepts authenticated access. I am using the architecture described here.

I tested access to it using curl, using the "gcloud auth print-identity-token flutter-identity-sa" command to generate the identity token, and it works fine.

Then I tried to implement the code in Flutter using the clientViaServiceAccount method and passing ServiceAccountCredentials, but I got a 403 error. I checked the call in the browser, and the request is being made using the access token instead of the identity token in the authorization header. Is there a way to make AuthClient use the identity token in the authorization header?

Thank you!

@andryfailli

Hi, have you set the audience correctly in the scopes list? (see docs here)

How have you managed to generate the token?
I always receive a "Failed to exchange authorization code. Invalid server response." error while trying to retrieve a Google ID Token.

```dart
var accountCredentials = ServiceAccountCredentials.fromJson(keyJson);
var scopes = <String>["https://xxxxx.run.app"]; // here scopes are used to set the audience (e.g. Cloud Run service URL)
var client = await clientViaServiceAccount(accountCredentials, scopes);
```

The error is thrown in utils.dart

```dart
AccessToken parseAccessToken(Map<String, dynamic> jsonMap) {
  final tokenType = jsonMap['token_type'];
  final accessToken = jsonMap['access_token'];
  final expiresIn = jsonMap['expires_in'];

  if (accessToken is! String || expiresIn is! int || tokenType != 'Bearer') {
    throw ServerRequestFailedException(
      'Failed to exchange authorization code. Invalid server response.',
      responseContent: jsonMap,
    );
  }

  return AccessToken('Bearer', accessToken, expiryDate(expiresIn));
}
```

The parseAccessToken function checks for an "access_token" in the JSON response, but in this case, the token is in the "id_token" field of the JSON.
As a temporary workaround, I'm catching the error and extracting the "id_token" myself by directly accessing the exposed responseContent variable.

Is this library helpful in generating Google ID Tokens?
Thanks
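
The workaround from the comment above, as an added example that is not code from googleapis_auth or from either commenter: it catches the exception thrown by parseAccessToken, reads "id_token" from responseContent, and checks the token's aud claim before sending it as the bearer credential. The helper names jwtPayload, idTokenFor and callService are hypothetical, and using the service origin as the audience is an assumption.

```dart
import 'dart:convert';

import 'package:googleapis_auth/auth_io.dart';
import 'package:http/http.dart' as http;

/// Hypothetical helper: decodes the unverified payload of a JWT. Returns null
/// when [token] is not a three-part JWT, as with an opaque OAuth access token.
Map<String, dynamic>? jwtPayload(String token) {
  final parts = token.split('.');
  if (parts.length != 3) return null;
  try {
    final bytes = base64Url.decode(base64Url.normalize(parts[1]));
    final decoded = jsonDecode(utf8.decode(bytes));
    return decoded is Map<String, dynamic> ? decoded : null;
  } on FormatException {
    return null;
  }
}

/// Passes [audience] where scopes normally go (as in the thread), lets
/// parseAccessToken fail, and reads "id_token" from the exception.
Future<String> idTokenFor(
    ServiceAccountCredentials credentials, String audience) async {
  final baseClient = http.Client();
  try {
    await obtainAccessCredentialsViaServiceAccount(
        credentials, [audience], baseClient);
    throw StateError('Exchange returned an access token, not an id_token.');
  } on ServerRequestFailedException catch (e) {
    final content = e.responseContent;
    final idToken = content is Map ? content['id_token'] : null;
    if (idToken is! String) rethrow; // a genuine failure: surface it unchanged
    // Fail closed unless the token was issued for the service being called.
    final aud = jwtPayload(idToken)?['aud'];
    if (aud != audience) {
      throw StateError('id_token audience "$aud" is not "$audience".');
    }
    return idToken;
  } finally {
    baseClient.close();
  }
}

/// Sends the ID token, not the access token, as the bearer credential.
Future<http.Response> callService(
    ServiceAccountCredentials credentials, Uri endpoint) async {
  // Assumption: the audience is the service origin, e.g. the Cloud Run URL.
  final token = await idTokenFor(credentials, endpoint.origin);
  return http.get(endpoint, headers: {'Authorization': 'Bearer $token'});
}
```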
