Got 'invalid_grant' in oauth2 SignedJwtAssertionCredentials

Pahud Hsieh · May 28, 2014 · Viewed 6.9k times

I am trying to make an oauth2 access_token in a server-to-server JSON API scenario, but it failed with an invalid_grant error. Please help.

import httplib2
from oauth2client.client import SignedJwtAssertionCredentials

KEY_FILE = 'xxxxxxxxxxxx-privatekey.p12'

# A .p12 key is binary (PKCS#12), so read it in binary mode.
with open(KEY_FILE, 'rb') as fd:
    key = fd.read()

SERVICE_ACCOUNT_EMAIL = 'xxxxxx.apps.googleusercontent.com'

credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
      scope="https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/userinfo.email",
      token_uri='https://accounts.google.com/o/oauth2/token')


assertion = credentials._generate_assertion()

h = httplib2.Http()
credentials._do_refresh_request(h.request)

and I got

Traceback (most recent call last):
  File "/Users/pahud/Projects/oauth2client/x.py", line 24, in <module>
    credentials._do_refresh_request(h.request)
  File "/Users/pahud/Projects/oauth2client/oauth2client/client.py", line 710, in _do_refresh_request
    raise AccessTokenRefreshError(error_msg)
oauth2client.client.AccessTokenRefreshError: invalid_grant
[Finished in 0.7s with exit code 1]

http://i.stack.imgur.com/iGGYx.png

Answer

Pahud Hsieh · May 29, 2014

I fixed it.

SERVICE_ACCOUNT_EMAIL = 'xxxxxx.apps.googleusercontent.com'

The above is the client ID, not the email. I fixed this and it's working now.
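As an added example (not part of the original post and not oauth2client code): a pre-flight check that decodes the claim set of a JWT assertion and flags the mistake fixed above, a client ID in `iss`, together with the lifetime and clock conditions that also lead to invalid_grant. The function names, the 300-second skew tolerance and the sample service-account address are assumptions; the sample assertions are constructed and unsigned.

```python
import base64
import json
import time

MAX_LIFETIME = 3600  # Google allows exp at most one hour after iat
MAX_SKEW = 300       # assumed tolerance for local clock drift, in seconds


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def diagnose_assertion(assertion, now=None):
    """Return the claim problems likely to make the token endpoint refuse the grant."""
    now = time.time() if now is None else now
    parts = assertion.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    iss = claims.get("iss", "")
    if iss.endswith(".apps.googleusercontent.com"):
        problems.append("iss is a client ID, not the service account email")
    elif "@" not in iss:
        problems.append("iss is not an email address")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        problems.append("iat/exp missing or not numeric")
    else:
        if exp - iat > MAX_LIFETIME:
            problems.append("exp is more than one hour after iat")
        if abs(now - iat) > MAX_SKEW:
            problems.append("iat differs from current time; check system clock")
    if not claims.get("aud"):
        problems.append("aud (token endpoint) is missing")
    return problems


def make_sample(iss, iat, lifetime=3600):
    """Build a constructed, unsigned assertion for demonstration only."""
    claims = {"iss": iss, "aud": "https://accounts.google.com/o/oauth2/token",
              "scope": "https://www.googleapis.com/auth/datastore",
              "iat": iat, "exp": iat + lifetime}
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64url_encode(header), b64url_encode(claims), "constructed-sig"])
```

Running `diagnose_assertion` on the assertion string before sending it to the token endpoint shows which claim is wrong, which the bare invalid_grant response does not.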