{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 冷血范 的问题《got 'invalid_grant' in oauth2 SignedJwtAss》','https://www.manongdao.com/q-499527.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to make an oauth2 access_token in a server-to-server JSON API scenario. But it failed with invalid_grant error, please help.
from oauth2client.client import SignedJwtAssertionCredentials
KEY_FILE = 'xxxxxxxxxxxx-privatekey.p12'
with open(KEY_FILE, 'r') as fd:
key = fd.read()
SERVICE_ACCOUNT_EMAIL = 'xxxxxx.apps.googleusercontent.com'
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
scope="https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/userinfo.email",
token_uri='https://accounts.google.com/o/oauth2/token')
assertion = credentials._generate_assertion()
h = httplib2.Http()
credentials._do_refresh_request(h.request)
and I got
Traceback (most recent call last):
File "/Users/pahud/Projects/oauth2client/x.py", line 24, in <module>
credentials._do_refresh_request(h.request)
File "/Users/pahud/Projects/oauth2client/oauth2client/client.py", line 710, in _do_refresh_request
raise AccessTokenRefreshError(error_msg)
oauth2client.client.AccessTokenRefreshError: invalid_grant
[Finished in 0.7s with exit code 1]
I have the same problem.
To solve the problem, you need to notice the following elements:
Did you use client_secrets.json in your program? If yes, check whether the name is the same as that in your current directory.
The "
client_email" or the "SERVICE_ACCOUNT_EMAIL" is not your personal email or the client id. It is "client id's email". You can check that email in https://console.developers.google.com/project/==>credentials==>Service account==>email address.Basically, if your client id is:
<clientid>.apps.googleusercontent.comYou client email here would be:
<clientid>@developer.gserviceaccount.comI fixed it.
the above is client ID not Email, I fixed this and it's working now.
In my case the problem was with the .boto file. Try to configure it again with the credentials from the Service account.
For the ones using fallback:
gcs_oauth2_boto_plugin.SetFallbackClientIdAndSecret(CLIENT_ID, CLIENT_SECRET)use for the fallback any "Client ID for native application". This is not necessary as its said in: https://cloud.google.com/storage/docs/gspythonlibrary
but i couldn't find other way, it was throwing errors without it.