Reputation: 11
ADC vs Service Account for OAuth2 Token for REST APIs
When I use Application Default Credentials to access GCP resources either through REST API or Java SDKs, I need to run re-authenticate every day using the "gcloud auth application-default login". Otherwise, I see the following error
Caught exception com.google.auth.oauth2.GoogleAuthException: com.google.api.client.http.HttpResponseException: 400 Bad Request POST https://oauth2.googleapis.com/token { "error": "invalid_grant", "error_description": "reauth related error (invalid_rapt)", "error_uri": "https://support.google.com/a/answer/9368756", "error_subtype": "invalid_rapt" }
This may not be an acceptable method for the application to run in a production environment, for the user to re-authenticate everyday manually from a command line. Is there REST API Query/JAVA SDK corresponding to that application default login command, that can be run programmatically instead?
Upvotes: 0
Views: 110
Answers (1)
Reputation: 552
There are many ways you can use GOOGLE_APPLICATION_CREDENTIALS environment variable as part of your application. But the most recommended way is to attach a service account since providing a service account key may have security risks.
You may check also this github link for samples on how to use libraries of Google Java SDK
Upvotes: 0
Related Questions
- How to Auth to Google Cloud using Service Account in Python?
- Set up Google Cloud Platform (GCP) authentication for Terraform Cloud
- Using maven mvn liquibase:generateChangeLog with GCP Mysql
- Bigquery insert job with default service account
- Microsoft Outlook Rest API Oauth2 login uri not able to complete request
- Issue while generating access token using OAuth2 Service Accounts
- Failed to request access token for Fusion Tables API with Google Service Account