google-cloud-platformgoogle-hangoutshangouts-api

google api access token null for local java client with service account

I created a service account to use Google chat (not bot) from a local java client. My objective is to migrate flowdock data to Google chat.

I tried different means to get access token using service account and looked at several docs and forums...

Certificate is loaded with all certificate informations. But access token stays null.

public class ChatScopes {
static final String CHAT_SPACES = "https://chat.googleapis.com/v1/spaces";
static final String CLOUD_AUTH = "https://www.googleapis.com/auth/cloud-platform";
static final String CHAT_MESSAGES = "https://www.googleapis.com/chat.messages.create";
static final String CHAT_SPACES_2 = "https://www.googleapis.com/chat.spaces.create";
static final List<String> scopes = Lists.newArrayList(
        ChatScopes.CLOUD_AUTH, 
        ChatScopes.CHAT_SPACES,
        ChatScopes.CHAT_SPACES_2, 
        ChatScopes.CHAT_MESSAGES);

}
...

GoogleCredentials credentials = GoogleCredentials
            .fromStream(AuthenticationService.class.getResourceAsStream(CERT_FILE))
            .createScoped(ChatScopes.scopes);

1.a

AccessToken token = credentials.refreshAccessToken(); // IOException: Error parsing token refresh response. Expected value access_token not found.

1.b

AccessToken token = credentials.getAccessToken(); // token is null

Update with example Service account##

GoogleCredential credentials = GoogleCredential
            .fromStream(AuthenticationService.class.getResourceAsStream(CERT_FILE_2))
            .createScoped(Collections.singleton(ChatScopes.CHAT_SPACES));

return new HangoutsChat.Builder(httpTransport, JSON_FACTORY, credentials )
            .setApplicationName(APP_NAME)
            .build();
            .build();

response when requesting using hangoutsChat because access token stays null (with or without calling refresh and/or getAccessToken)
GET https: //chat.googleapis.com/v1/spaces

{
"code": 401,
"details": [
    {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "CREDENTIALS_MISSING"
    }
],
"errors": [
    {
        "domain": "global",
        "location": "Authorization",
        "locationType": "header",
        "message": "Login Required.",
        "reason": "required"
    }
],
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"

}

Solution

  • It seems we need some clean code crafting here. The error came in fact from wrong scopes declaration. Adding chat bot (why as I don't need bot ?) made me advance.

    Scopes

    public class ChatScopes {
static final String CLOUD_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
static final String CHAT_SCOPE = "https://www.googleapis.com/auth/chat";
static final String CHAT_BOT_SCOPE = "https://www.googleapis.com/auth/chat.bot";
static final List<String> scopes = Lists.newArrayList(
    CLOUD_SCOPE,
    CHAT_SCOPE,
    CHAT_BOT_SCOPE);