Reputation: 224
C# Error when using Google Sheets API with service account
I am trying to use my service account to work with Google Sheets API inside my .net 5 app. I started with "quickstart" example and it works fine. But I need to put my app inside docker container, so authorization from "quickstart" that uses browser doesn't fit me.
I decided to try to authorize with google service account. I found this solution but when I am trying to execute any request it throws error 'Error:"invalid_grant", Description:"Invalid JWT Signature.", Uri:""'
Here's my code for credentials setup:
using System.IO;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Sheets.v4;
namespace GoogleSheetsParser.Helpers
{
public class GoogleSheetsServiceSettings
{
private static readonly string[] Scopes = { SheetsService.Scope.Spreadsheets };
public static ServiceAccountCredential Credential { get; private set; }
public static void Setup()
{
var serviceAccountEmail = "[email protected]";
using Stream stream = new FileStream("credentials.json", FileMode.Open, FileAccess.Read, FileShare.Read);
var credential = (ServiceAccountCredential)
GoogleCredential.FromStream(stream).UnderlyingCredential;
var initializer = new ServiceAccountCredential.Initializer(credential.Id)
{
User = serviceAccountEmail,
Key = credential.Key,
Scopes = Scopes
};
Credential = new ServiceAccountCredential(initializer);
}
}
}
Here's my Startup.cs
namespace GoogleSheetsParser
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddSingleton(Configuration);
GoogleSheetsServiceSettings.Setup();
var sheetsService = new SheetsService(new BaseClientService.Initializer
{
ApplicationName = Configuration.GetValue<string>("ApplicationName"),
HttpClientInitializer = GoogleSheetsServiceSettings.Credential
});
services.AddSingleton(sheetsService);
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
Here's usage of configured sheets service:
using Microsoft.AspNetCore.Mvc;
using Google.Apis.Sheets.v4;
using GoogleSheetsParser.Dto;
namespace GoogleSheetsParser.Controllers
{
[ApiController]
[Route("[controller]")]
public class SheetsController : ControllerBase
{
private SheetsService SheetsService { get; }
public SheetsController(SheetsService sheetsService)
{
SheetsService = sheetsService;
}
[HttpGet]
public JsonResult GetSheets([FromQuery] GetSheetsRequestDto dto)
{
var spreadsheet = SheetsService.Spreadsheets.Get(dto.SpreadsheetId).Execute();
}
}
}
Testing it on my local machine in Visual Studio project.
What am I missing?
Upvotes: 2
Views: 1015
Answers (1)
Reputation: 1503290
It's somewhat unclear to me why it's using a JWT here at all, but you can definitely avoid going quite as low-level, using GoogleCredential.CreateWithUser and GoogleCredential.CreateScoped. Here's the code I'd write in your Setup:
using System.IO;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Sheets.v4;
namespace GoogleSheetsParser.Helpers
{
public class GoogleSheetsServiceSettings
{
public static GoogleCredential Credential { get; private set; }
public static void Setup() =>
Credential = GoogleCredential.FromFile("credentials.json")
.CreateScoped(SheetsService.Scope.Spreadsheets)
.CreateWithUser("[email protected]");
}
}
It's not clear why you'd set the user to a different service account though - normally you use CreateWithUser to impersonate a regular user with a service account. If you want to act as a service account, just generate a JSON file with credentials for that service account, and don't bother with impersonation.
Upvotes: 2
Related Questions
- Using .Net to access Google Sheets with a service account generates a "The caller does not have permission [403]" error
- Authenticate to use Google Sheets with service account instead of personal account in C# .NET
- Google Sheet Api - Error when sending the request in ASP .NET
- Google Sheet API error The caller does not have permission
- Google.Apis.Requests.RequestError
- Google Sheets Api Request had insufficient authentication scopes
- How to authorize the Google Sheets API from a Windows Service
- NotImplementedException when Accessing ServiceAccountCredential C#
- How to use SpreadsheetsService authenticated by ServiceAccountCredential?
- Using Google SpreadsheetsService with Service Account