-
Notifications
You must be signed in to change notification settings - Fork 222
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IllegalArgumentException when parsing token #1027
Comments
Thanks for reporting! without checking the response status, the code indeed looks incorrect |
Just wasted several hours being stuck with the same problem... The root cause of the issue in my case with
But this code here doesn't check if response was successful at all. It was just passing This pull request partially addressed the issue but it only covers 503 response code and as you can see in my case it was 404 response code. In other words, I think the right fix would be to make sure that the response is EDIT: not sure how many various |
@kberezin-nshl Thanks for investigating. The fix that you have mentioned was indeed a short-term fix for the most common case. We will consider a proper fix. It would help if you share any stats/scenario when you get a repro of the error? Thanks! |
@TimurSadykov sure. In my case, I tried to follow this guide to get a token in order to access IAP-protected resource from Cloud Build environment. Here's shortened version (will crash if run in Cloud Build using default service account):
|
This is the only issue ticket mentioning the error message "please provide a user-specified service account" when trying to get an ID-token via the metadata endpoint within a VM. |
Thanks for stopping by to let us know something could be better!
PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.
Please run down the following list and make sure you've tried the usual "quick fixes":
If you are still having issues, please include as much information as possible:
Environment details
Steps to reproduce
Occasionally we see errors refreshing a token, with the actual source of the error being:
https://github.com/googleapis/google-http-java-client/blob/9f389ef89195af77eff8f1e1c1c9ee9bf9c7792c/google-http-client/src/main/java/com/google/api/client/json/webtoken/JsonWebSignature.java#L544
Following through the code I get back to here
google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java
Line 241 in c813d55
So - purely speculating - it looks to me that the HTTP request may sometimes not error out but instead return a non-200 response with an error in the body which is then not parsable as a token. I have no proof of this but it seems plausible based on the code.
If this is happening IMO it would be better to have a more specific error, the IllegalArgumentException is very odd and confusing, though of course the end result is the same (i.e. the token is not refreshed).
Code example
// example
Stack trace
External references such as API reference guides
Any additional information below
Following these steps guarantees the quickest resolution possible.
Thanks!
The text was updated successfully, but these errors were encountered: