Google平台服务身份验证中的JWT签名无效

时间:2016-11-30 15:05:16

标签: android oauth2 service-accounts

继续使用Cloud Speech API进行测试...... 我已经从here下载了另一个示例,我稍微修改了它,因为不推荐使用ClientAuthInterceptor类。我正在使用服务帐户,相关的使用代码是:

// This is contained in the MainActivity code.
String fCred = _lu.getBasePath() + "auth.json";

try
{
    InputStream isCred = new FileInputStream(fCred);
    ManagedChannel channel = ManagedChannelBuilder.forAddress(HOSTNAME, PORT).build();
    mStreamingClient = new StreamingRecognizeClient(channel, isCred, RECORDER_SAMPLERATE);
}
catch (IOException openEx)
{
    Log.e(MainActivity.class.getSimpleName(), "Error", openEx);
}

// This is contained in the StreamingRecognizeClient class code
public StreamingRecognizeClient(ManagedChannel channel, InputStream credentials, int samplingRate) throws IOException
{
    this.mSamplingRate = samplingRate;
    this.mChannel = channel;
    GoogleCredentials creds = GoogleCredentials.fromStream(credentials);

    if (creds.createScopedRequired())
        creds = creds.createScoped(OAUTH2_SCOPES);

    CallCredentials callCreds = MoreCallCredentials.from(creds);
    mSpeechClient = SpeechGrpc.newStub(channel).withCallCredentials(callCreds);

    credentials.close();
}

在应用初始化期间调用所有此代码,文件 auth.json 是由Google控制台生成的身份验证文件,其中包含项目ID和私钥的所有信息。 然后使用第一个音频数据块调用函数 recognBytes ;在发送实际音频数据之前,您必须发送仅包含识别配置的消息,这可以通过此功能完成:

private void initializeRecognition() throws InterruptedException, IOException
{
    requestObserver = mSpeechClient.streamingRecognize(this);
    RecognitionConfig config = RecognitionConfig.newBuilder().setEncoding(AudioEncoding.FLAC).setSampleRate(mSamplingRate).build();
    StreamingRecognitionConfig streamingConfig = StreamingRecognitionConfig.newBuilder().setConfig(config).setInterimResults(true).setSingleUtterance(true).build();
    StreamingRecognizeRequest initial = StreamingRecognizeRequest.newBuilder().setStreamingConfig(streamingConfig).build();

    requestObserver.onNext(initial);
}

在第一次调用之后,我获得的是400错误代码,如下面的堆栈跟踪所示:

11-30 15:34:12.916 3676-7309/? W/StreamingRecognizeClient: recognize failed: {0}: Status{code=UNAUTHENTICATED, description=null, cause=java.io.IOException: Error getting access token for service account: }
11-30 15:34:12.918 3676-7309/? E/StreamingRecognizeClient: Error to Recognize.
   io.grpc.StatusRuntimeException: UNAUTHENTICATED
       at me.yurifariasg.StreamingRecognizeClient.onError(StreamingRecognizeClient.java:98)
       at io.grpc.stub.ClientCalls$StreamObserverToCallListenerAdapter.onClose(ClientCalls.java:395)
       at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.close(ClientCallImpl.java:481)
       at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.access$600(ClientCallImpl.java:398)
       at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:513)
       at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:52)
       at io.grpc.internal.SerializingExecutor$TaskRunner.run(SerializingExecutor.java:154)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
       at java.lang.Thread.run(Thread.java:818)
   Caused by: java.io.IOException: Error getting access token for service account: 
       at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:227)
       at com.google.auth.oauth2.OAuth2Credentials.refresh(OAuth2Credentials.java:97)
       at com.google.auth.oauth2.OAuth2Credentials.getRequestMetadata(OAuth2Credentials.java:74)
       at io.grpc.auth.GoogleAuthLibraryCallCredentials$1.run(GoogleAuthLibraryCallCredentials.java:113)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113) 
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588) 
       at java.lang.Thread.run(Thread.java:818) 
   Caused by: com.google.api.client.http.HttpResponseException: 400 Bad Request
       {
           "error" : "invalid_grant",
           "error_description" : "Invalid JWT Signature."
       }
       at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1054)
       at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:225)
                                                            ... 6 more

由于所有签署请求的过程都是由Google图书馆执行的,我不确切知道可以做些什么...... 我已经向试用期间提供的Google技术支持发送了请求,但也许有人有一些建议。

感谢。 鲁道夫。

1 个答案:

答案 0 :(得分:0)

在我的情况下,我将符号文件上传到firebase崩溃报告。在firebase控制台上“生成新的私钥”之后,问题就解决了。那么,你是否试图获得一个新的“auth.json”?

相关问题
最新问题