Authentication

  • 2
  • Problem
  • Updated 3 years ago
  • Solved
  • (Edited)
Hi,
I have create a company in the rise vision. and accessed the RiseVision API through the p12 file of Service account of mail id for the following 

Client ID - 67356889681-3e6q9pfpcrpcih88tsp05q4q52evb5kb.apps.googleusercontent.com

Client secret key : GGYHoD2wDk3-VI6EWWL5x6Yj

company ID - 18b8e90f-3952-4981-af4e-a7dd809af8c7.

And done everything under my company using the same details. But From today on-wards when trying to access the RiseVision API it was showing the following response

com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
{
  "error" : "invalid_grant",
  "error_description" : "Invalid JWT Signature."
}

And When i tried with new Service account of the same mail id it was showing the following error

com.google.api.client.auth.oauth2.TokenResponseException: 401 Unauthorized

and followed the 

https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests

I know it is the communication problem with the Google OAuth,

But why suddenly it was showing like this and is there anyway to get out of this problem,

Kindly need a help.

Thanks,

Rakesh A.
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb

Posted 3 years ago

  • 2
Photo of HSuarez

HSuarez

  • 11,896 Points 10k badge 2x thumb
Hi Rakesh,
Looking at the error description it looks like the issue is around the JWT Signature. You might want to try the following:
(Under 'Verify the integrity of the ID token'): https://developers.google.com/identit...
(Under 'Token expiration'): https://developers.google.com/identit...

I don't know if anyone else has come across this, alternatively you may want to try specialist sites like Stack Overflow.
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb
yeah but i am using the service account which will not expires in life time...

and it was the same service account works till yesterday. And i have followed the link to access the rise vision api is

https://community.risevision.com/rise_vision_inc/topics/using-a-service-account-to-manage-rise-visio...

but that was

not working since today.
Photo of Alfredo Fidani

Alfredo Fidani

  • 60 Points
I have the same problem. My account works until yesterday 8pm GTM+3.
I didnt change anything, lifetime certificates.... same code.
Photo of Robb

Robb, Official Rep

  • 76,676 Points 50k badge 2x thumb
Gentlemen,

We have notified our Dev team about this, and will update you when we know more information.

Thanks!
Photo of Ezequiel Conte

Ezequiel Conte, Employee

  • 874 Points 500 badge 2x thumb
Hi Rakesh, 

we are investigating the issue. 
In the mean time, could you provide more details about your code and application?

Also, could the issue be related to one of this StackOverflow posts:
http://stackoverflow.com/questions/30217053/generated-json-web-signature-in-java-produce-invalid-sig...
http://stackoverflow.com/questions/14188239/unable-to-get-token-using-google-apis-google-oauth-java-...

Thanks!
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb
Thanks Robb and Conte,

Actually i am using the service account and its related p12 file for the generation of the tokens to access the RiseVision API.

The Service Account ID is : 67356889681-compute@developer.gservic...
and the mail id is : anallampatirakesh@gmail.com.

public Core createCore() {
        HttpTransport transport = new NetHttpTransport();   
        JsonFactory jsonfactory = new JacksonFactory();
        GoogleCredential credential = null;
        try {
            credential = new GoogleCredential.Builder().
            setTransport(transport).
            setJsonFactory(jsonfactory).
            setServiceAccountId(env.getProperty(SERVICE_ACCOUNT)).
            setServiceAccountPrivateKeyFromP12File(
            new java.io.File(env.getProperty(FILE_LOCATION)))
            .setServiceAccountUser(env.getProperty(EMAIL))
            .setServiceAccountScopes(Arrays.asList(
            "https://www.googleapis.com/auth/userinfo.email"))
            .build();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        } catch( IOException e){
            e.printStackTrace();
        }

        Core core = new Core(transport, jsonfactory, credential);
        return core;
    }

This is the code snippet i am using to get the Core  object .

From yesterday on-wards there is no way to get out of this problem even with the other mail id s and their related service accounts even.

There is no related documents even in the rise-vision to get any info about this.

Can you people have a look on it and get us out of it. And i will provide any further information regarding to solve this problem.

Thanks
Photo of aathi rajkumar

aathi rajkumar

  • 154 Points 100 badge 2x thumb
I am also facing same issue when access oauth to get accessToken.I m getting 401 Unauthorized from yesterday .It was woking fine before that. 
Photo of Ezequiel Conte

Ezequiel Conte, Employee

  • 874 Points 500 badge 2x thumb
Hi Rakesh,

It seems from the logs that you were able to access the API today.

We can see requests from anallampatirakesh@gmail.com to sub-company id 9af61e87-5acd-467b-85f9-a4b1fc6cc164. Am I correct?

The email you share in your StackOverflow post (http://stackoverflow.com/questions/35919364/service-account-authentication-gives-401-unauthorized-in...) is associated to another company id and therefore would not have access to the company id you mentioned in your initial post.

Could you share what fixed the issue if that is the case?

Thanks!
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb
Hi , but in code I didn't mention about company ID I m just trying to access core API passing credentials
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb
I still didn't fix the issue .. I really don't know actual problem
Photo of Ezequiel Conte

Ezequiel Conte, Employee

  • 874 Points 500 badge 2x thumb
Hi Rakesh,

and about the requests that were working today? Are they from a different code/software?

Thanks
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb
i set the token manually and tried it...But accessing through the service account and generating tokens based on it still causing the same problem....Is there any procedure to access the risevision through the Service Account from the Client Applications....it will/may identifies the problem or issue which we are missing... 
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb
All of a sudden it was working now for the above stated service account mail id(And still unsure whether it's the problem with the google or Rise-Vision)...

I don't know how it was happened and it will be better if any of the Rise Vision team provides the information/procedure regarding how the client applications which were able to communicate with the Rise-Vision using the service account else any other way.

Please this will helps further issues which will causes the same problem.

Thanks For the Help 
Photo of Rakesh Allampati

Rakesh Allampati

  • 260 Points 250 badge 2x thumb
The Client application which i am doing is in java to communicate with the rise-vision.
Photo of Ezequiel Conte

Ezequiel Conte, Employee

  • 874 Points 500 badge 2x thumb
Hi Rakesh!

Good to hear that it is working.
And thanks for your suggestion. We will work on improving our documentation with more examples. 

Cheers!