Unable to use Javascript Wallet client with a service account from different GCP project

Question

I am attempting to use the Google Wallet node.js api with a service account. The service account comes from a different GCP project. I have granted the service account the appropriate role so that it can operate on the project that is associated with my Google Wallet API.

I have been able to use the service account with the Wallet APIs from Python. To do this I had to specifically target my wallet project by adding .with_quota_project("target-project") to my Credentials.

The node.js equivalent seems to be specifying the projectId when creating the GoogleAuth that is provided to the google.walletobjects client:

This is how I create my client:

const projectId = 'target-project'
const scopes = ['https://www.googleapis.com/auth/wallet_object.issuer']
const credentials = JSON.parse(googleWalletCredentials)

const auth = new GoogleAuth({
      projectId,
      credentials,
      scopes
})

this.client = google.walletobjects({
  version: 'v1',
  auth: auth
})

When I attempt to use the client I am getting an error:

Google Wallet API has not been used in project <SERVICE_ACCT_PROJECTID> before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/walletobjects.googleapis.com/overview?project=<SERVICE_ACCT_PROJECTID> then retry.

This is the error I was getting in my Python script before I added the with_quota_project.

I have tried overriding the project_id in the credentials json. I have verified that the projectId in the GoogleAuth instance is correct, 'target-project'. It seems that the wallet client is ignoring the project from the auth.

Have I done something wrong? Or is it broken?

Answer 1

It seems that the wallet api does ignore the project in the GoogleAuth object. I was able to get it to work by specifying the X-Goog-User-Project header:

this.client = google.walletobjects({
  version: 'v1',
  auth: auth
  headers: {
      'X-Goog-User-Project': projectId
  }
})