i'm trying to handle my Google Agenda by using the Google Calendar APi V3( Java ).
However, i'm quite new to this and to OAUTH2 .. then i've searched for examples and i found one here :
Google Calendar API V3 Java: Unable to use 'primary' for Calendars:get
Here is the code :
import java.io.IOException;
import java.util.Collections;
import java.util.Scanner;
import java.util.Set;
import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.extensions.auth.helpers.Credential;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.calendar.Calendar;
import com.google.api.services.calendar.Calendar.CalendarList;
import com.google.api.services.calendar.CalendarScopes;
import com.google.api.services.calendar.model.CalendarListEntry;
public class App {
public static void main(String[] args) throws IOException{
//Two globals that will be used in each step.
HttpTransport httpTransport = new NetHttpTransport();
JsonFactory jsonFactory = new JacksonFactory();
//Create the authorization code flow manager
Set<String> scope = Collections.singleton(CalendarScopes.CALENDAR);
String clientId = "xxxxxx.apps.googleusercontent.com";
String clientSecret = "xxxxxxxxxxx";
//Use a factory pattern to create the code flow
AuthorizationCodeFlow.Builder codeFlowBuilder =
new GoogleAuthorizationCodeFlow.Builder(
httpTransport,
jsonFactory,
clientId,
clientSecret,
scope
);
AuthorizationCodeFlow codeFlow = codeFlowBuilder.build();
//set the code flow to use a dummy user
//in a servlet, this could be the session id
String userId = "ipeech";
//"redirect" to the authentication url
String redirectUri = "https://www.example.com/oauth2callback";
AuthorizationCodeRequestUrl authorizationUrl = codeFlow.newAuthorizationUrl();
authorizationUrl.setRedirectUri(redirectUri);
System.out.println("Go to the following address:");
System.out.println(authorizationUrl);
//use the code that is returned as a url parameter
//to request an authorization token
System.out.println("What is the 'code' url parameter?");
String code = new Scanner(System.in).nextLine();
AuthorizationCodeTokenRequest tokenRequest = codeFlow.newTokenRequest(code);
tokenRequest.setRedirectUri(redirectUri);
TokenResponse tokenResponse = tokenRequest.execute();
//Now, with the token and user id, we have credentials
com.google.api.client.auth.oauth2.Credential credential = codeFlow.createAndStoreCredential(tokenResponse, userId);
//Credentials may be used to initialize http requests
HttpRequestInitializer initializer = credential;
//and thus are used to initialize the calendar service
Calendar.Builder serviceBuilder = new Calendar.Builder(
httpTransport, jsonFactory, initializer);
serviceBuilder.setApplicationName("Example");
Calendar calendar = serviceBuilder.build();
//get some data
String calendarID = "xxxxxxxxxxx";
getCalendarListSummary(calendarID,calendar);
getAllCalendarListSummary(calendar);
//getCalendarSummary(calendarID,calendar);
}
public static void getCalendarListSummary(String calendarID, Calendar calendar) throws IOException{
CalendarListEntry calendarListEntry = calendar.calendarList().get(calendarID).execute();
System.out.println(calendarListEntry.getSummary());
}
public static void getAllCalendarListSummary (Calendar calendar) throws IOException{
Calendar.CalendarList.List listRequest = calendar.calendarList().list();
com.google.api.services.calendar.model.CalendarList feed = listRequest.execute();
for(CalendarListEntry entry:feed.getItems()){
System.out.println("ID: " + entry.getId());
System.out.println("Summary: " + entry.getSummary());
}
}
When i launch the programm, it asks me to give the authorization code ("What is the 'code' url parameter?") but i don't know where to find it .. Any ideas ?
In this example, there is a part that says "Go to the following address:" you have to copy that url, paste it in the browser and then you will receive the authorization code. Copy that code and paste it after "What is the 'code' url parameter?" and press "Enter" so the program can continue.
This is a basic example and that why the OAuth 2 flow is done that way.
Here is a complete example of a Google calendar java program. I would suggest to first understand how OAuth 2 works, how to create projects in the Developer console and how to create credentials for those projects. Then it would be easier to understand and use the complete example.
Related
Tried going through the internet and google docs they provide OAuth way only. Is there a way to read/write to google sheets with API Key and not OAuth.
After some research, Credential object from google-oath-client module can help. Download the .p12 file from the google account. Code for reading a google sheet without OAUth prompt below. This can also be used to write or append sheets with some modification :
package com.mycomp;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.sheets.v4.Sheets;
import com.google.api.services.sheets.v4.SheetsScopes;
import com.google.api.services.sheets.v4.model.ValueRange;
import com.nm.vernacular.services.SpreadSheetsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
/**
* Created by ankushgupta & modified for SO.
*/
public class GoogleSheetsReader {
private static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
private static final String KEY_FILE_LOCATION = "<Name of p12 file>.p12";
private static final String SERVICE_ACCOUNT_EMAIL = "<email of google service account>";
private static final String APPLICATION_NAME = "Google Sheets API";
private static final Logger LOGGER = LoggerFactory.getLogger(GoogleSheetsReader.class);
/**
* Global instance of the scopes required by this quickstart.
* If modifying these scopes, delete your previously saved credentials/ folder.
*/
private static final List<String> SCOPES = Collections.singletonList(SheetsScopes.SPREADSHEETS);
/**
* Creates an authorized Credential object.
* #return An authorized Credential object.
* #throws IOException If there is no client_secret.
*/
private Credential getCredentials() throws URISyntaxException, IOException, GeneralSecurityException {
//Reading Key File
URL fileURL = GoogleSheetsReader.class.getClassLoader().getResource(KEY_FILE_LOCATION);
// Initializes an authorized analytics service object.
if(fileURL==null) {
fileURL = (new File("/resources/"+ KEY_FILE_LOCATION)).toURI().toURL();
}
// Construct a GoogleCredential object with the service account email
// and p12 file downloaded from the developer console.
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
return new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountPrivateKeyFromP12File(new File(fileURL.toURI()))
.setServiceAccountScopes(SCOPES)
.build();
}
#Override
public List<Object[]> readSheet(String nameAndRange, String key, int[] returnRange) throws GeneralSecurityException, IOException {
final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
final String spreadsheetId = key;
final String range = nameAndRange;
try {
Sheets service = new Sheets.Builder(HTTP_TRANSPORT, JSON_FACTORY, getCredentials())
.setApplicationName(APPLICATION_NAME)
.build();
ValueRange response = service.spreadsheets().values()
.get(spreadsheetId, range)
.execute();
List<List<Object>> values = response.getValues();
int a = returnRange.length;
List<Object[]> result = new LinkedList<>();
if (values == null || values.isEmpty()) {
return Collections.emptyList();
} else {
for (List row : values) {
if(row.size() >= a) {
Object[] objArr = new Object[a];
for(int i=0;i<a;i++) {
objArr[i] = row.get(returnRange[i]);
}
result.add(objArr);
}
}
}
return result;
} catch(Exception ex) {
LOGGER.error("Exception while reading google sheet", ex);
} finally {
}
return null;
}
public static void main(String[] args) {
GoogleSheetsReader reader = new GoogleSheetsReader();
reader.readSheet("<Sheet Name>!A2:B", "<sheets key from URL>", new int[]{0, 1});
}
}
Based from this documentation, when your application requests public data, the request doesn't need to be authorized, but does need to be accompanied by an identifier, such as an API key.
Every request your application sends to the Google Sheets API needs to identify your application to Google. There are two ways to identify your application: using an OAuth 2.0 token (which also authorizes the request) and/or using the application's API key. Here's how to determine which of those options to use:
If the request requires authorization (such as a request for an individual's private data), then the application must provide an OAuth 2.0 token with the request. The application may also provide the API key, but it doesn't have to.
If the request doesn't require authorization (such as a request for public data), then the application must provide either the API key or an OAuth 2.0 token, or both—whatever option is most convenient for you.
However, there are some scopes which require OAuth authorization. Check this link: Access Google spreadsheet API without Oauth token.
Using API key, you can read from google sheets, but only if the sheet is shared with public.
However to write to google sheets, you must you OAuth. See this link.
Im using the new webmaster tools api to get all my site's crawling errors (+ details). Unfort. it only gives me 1000 but i have like 10000. Is there a way to get all of them ?
This is the code i use:
package main;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.webmasters.Webmasters;
import com.google.api.services.webmasters.Webmasters.Urlcrawlerrorssamples;
import com.google.api.services.webmasters.model.SitesListResponse;
import com.google.api.services.webmasters.model.UrlCrawlErrorsSample;
import com.google.api.services.webmasters.model.UrlCrawlErrorsSamplesListResponse;
import com.google.api.services.webmasters.model.WmxSite;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
public class WebmastersCommandLine {
private static String CLIENT_ID = "...";
private static String CLIENT_SECRET = "...";
private static String REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
private static String OAUTH_SCOPE = "https://www.googleapis.com/auth/webmasters.readonly";
private static String PAGE_URL = "...";
public static void main(String[] args) throws IOException {
HttpTransport httpTransport = new NetHttpTransport();
JsonFactory jsonFactory = new JacksonFactory();
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
httpTransport, jsonFactory, CLIENT_ID, CLIENT_SECRET, Arrays.asList(OAUTH_SCOPE))
.setAccessType("online")
.setApprovalPrompt("auto").build();
String url = flow.newAuthorizationUrl().setRedirectUri(REDIRECT_URI).build();
System.out.println("open URL:");
System.out.println(" " + url);
System.out.println("code:");
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
String code = br.readLine();
GoogleTokenResponse response = flow.newTokenRequest(code).setRedirectUri(REDIRECT_URI).execute();
GoogleCredential credential = new GoogleCredential().setFromTokenResponse(response);
// Create a new authorized API client
Webmasters service = new Webmasters.Builder(httpTransport, jsonFactory, credential)
.setApplicationName("WebmastersCommandLine")
.build();
Webmasters.Urlcrawlerrorssamples.List req2 = service.urlcrawlerrorssamples().list(PAGE_URL, "notFound", "web");
try
{
UrlCrawlErrorsSamplesListResponse urlList = req2.execute();
System.out.println("start");
for(UrlCrawlErrorsSample sample : urlList.getUrlCrawlErrorSample())
{
Webmasters.Urlcrawlerrorssamples.Get req3 = service.urlcrawlerrorssamples().get(PAGE_URL, sample.getPageUrl(), "notFound", "web");
UrlCrawlErrorsSample details = req3.execute();
System.out.println(sample.getPageUrl() + "," + details.getUrlDetails().getLinkedFromUrls());
}
}
catch(IOException e)
{
System.out.println("An error occurred: " + e);
}
System.out.println("done");
}
}
This however only gives me a list of 1000 errors, but i need all 10000 of them. Does anybody know a way to do that ?
The Webmaster Tools API URL Crawl Errors Sample method returns a sample of 1000 crawl errors. It's not meant to return a complete list (you could compile that from your server logs). If you want more samples through the API, one thing you can do is to mark these errors as fixed and check back in a day. It will then generate a set of samples from the remaining crawl errors.
The order of the samples is the same as in the UI, so the more important ones will be the first ones you see. This means that there are diminishing returns as you move on, with later crawl errors being either similar to the previous ones, or at least seen as being less critical. The original blog post has more on the prioritization:
We determine this based on a multitude of factors, including whether
or not you included the URL in a Sitemap, how many places it’s linked
from (and if any of those are also on your site), and whether the URL
has gotten any traffic recently from search.
I am embarrassed that I'm simply failing with an example piece of code, but I'll blame it on the fact that it is late...
I have taken a copy and paste of: https://developers.google.com/gmail/api/quickstart/quickstart-java
and downloaded the client libraries: https://code.google.com/p/google-api-java-client/
and https://developers.google.com/api-client-library/java/apis/gmail/v1
When I run the sample, I get the following exception:
Exception in thread "main" java.lang.IllegalArgumentException
at com.google.api.client.repackaged.com.google.common.base.Preconditions.checkArgument(Preconditions.java:76)
at com.google.api.client.util.Preconditions.checkArgument(Preconditions.java:37)
at com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets.getDetails(GoogleClientSecrets.java:82)
at com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow$Builder.<init>(GoogleAuthorizationCodeFlow.java:195)
at com.emailreply.musterion.GmailApiQuickstart.main(GmailApiQuickstart.java:40)
Googling, I can't find a simple answer, so am assuming stupidity or a library missing/incorrect.
The libraries as I have them are:
/libs/commons-logging-1.1.1.jar
/libs/google-api-client-1.19.0.jar
/libs/google-api-client-android-1.19.0.jar
/libs/google-api-client-appengine-1.19.0.jar
/libs/google-api-client-gson-1.19.0.jar
/libs/google-api-client-jackson2-1.19.0.jar
/libs/google-api-client-java6-1.19.0.jar
/libs/google-api-client-servlet-1.19.0.jar
/libs/google-http-client-1.19.0.jar
/libs/google-http-client-android-1.19.0.jar
/libs/google-http-client-appengine-1.19.0.jar
/libs/google-http-client-gson-1.19.0.jar
/libs/google-http-client-jackson2-1.19.0.jar
/libs/google-http-client-jdo-1.19.0.jar
/libs/google-oauth-client-1.19.0.jar
/libs/google-oauth-client-appengine-1.19.0.jar
/libs/google-oauth-client-java6-1.19.0.jar
/libs/google-oauth-client-jetty-1.19.0.jar
/libs/google-oauth-client-servlet-1.19.0.jar
/libs/gson-2.1.jar
/libs/httpclient-4.0.1.jar
/libs/httpcore-4.0.1.jar
/libs/jackson-core-2.1.3.jar
/libs/jdo2-api-2.3-eb.jar
/libs/jetty-6.1.26.jar
/libs/jetty-util-6.1.26.jar
/libs/jsr305-1.3.9.jar
/libs/transaction-api-1.1.jar
google-api-services-gmail-v1-rev10-1.19.0.jar
The example mentioned above:
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.List;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleOAuthConstants;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.gmail.Gmail;
import com.google.api.services.gmail.model.ListThreadsResponse;
import com.google.api.services.gmail.model.Thread;
public class GmailApiQuickstart {
// Check https://developers.google.ciom/gmail/api/auth/scopes for all available scopes
private static final String SCOPE = "https://www.googleapis.com/auth/gmail.readonly";
private static final String APP_NAME = "Gmail API Quickstart";
// Email address of the user, or "me" can be used to represent the currently authorized user.
private static final String USER = "me";
// Path to the client_secret.json file downloaded from the Developer Console
private static final String CLIENT_SECRET_PATH = "./client_secret.json";
public static void main (String [] args) throws IOException {
HttpTransport httpTransport = new NetHttpTransport();
JsonFactory jsonFactory = new JacksonFactory();
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(jsonFactory, new BufferedReader(new InputStreamReader(GmailApiQuickstart.class.getResourceAsStream(CLIENT_SECRET_PATH))));
// Allow user to authorize via url.
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
httpTransport, jsonFactory, clientSecrets, Arrays.asList(SCOPE))
.setAccessType("online")
.setApprovalPrompt("auto").build();
String url = flow.newAuthorizationUrl().setRedirectUri(GoogleOAuthConstants.OOB_REDIRECT_URI).build();
System.out.println("Please open the following URL in your browser then type the authorization code:\n" + url);
// Read code entered by user.
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
String code = br.readLine();
// Generate Credential using retrieved code.
GoogleTokenResponse response = flow.newTokenRequest(code)
.setRedirectUri(GoogleOAuthConstants.OOB_REDIRECT_URI).execute();
GoogleCredential credential = new GoogleCredential()
.setFromTokenResponse(response);
// Create a new authorized Gmail API client
Gmail service = new Gmail.Builder(httpTransport, jsonFactory, credential)
.setApplicationName(APP_NAME).build();
// Retrieve a page of Threads; max of 100 by default.
ListThreadsResponse threadsResponse = service.users().threads().list(USER).execute();
List<Thread> threads = threadsResponse.getThreads();
// Print ID of each Thread.
for (Thread thread : threads) {
System.out.println("Thread ID: " + thread.getId());
}
}
}
I replaced the reference to CLIENT_SECRET_PATH with:
new BufferedReader(new InputStreamReader(GmailApiQuickstart.class.getResourceAsStream(CLIENT_SECRET_PATH)))
for no other reason than to try something different. It does work and reads the file correctly.
Any ideas?
Right, after some more research (asking a colleague/genius), I found the problem. Basically the GoogleClientSecrets object was not being properly bound with the information from my client_secrets.json file. This meant that during authentication, objects were null resulting in the IllegalArgumentException.
So the original file which looked like this:
{
"private_key_id": "zzz",
"private_key": "-----BEGIN PRIVATE KEY-----\nxyz\n-----END PRIVATE KEY-----\n",
"client_email": "1234#developer.gserviceaccount.com",
"client_id": "1wdfghyjmp.apps.googleusercontent.com",
"type": "service_account"
}
was edited to look like this:
{
"web" : {
"private_key_id": "zzz",
"private_key": "-----BEGIN PRIVATE KEY-----\nxyz\n-----END PRIVATE KEY-----\n",
"client_email": "1234#developer.gserviceaccount.com",
"client_id": "1wdfghyjmp.apps.googleusercontent.com",
"type": "service_account"
}
}
This allowed me to progress through the code with authentication.
Hope this helps.
here is a working example of non-interactive auth for Google Non-interactive authorization with Google OAuth2
the problem is not in "web" tag in the client json, but rather in the fact that their example is for web authentication while their suggested way of generating credentials is for non-interactive "service account". they have multiple problems with their documentation.
I am writing a class for creating authorization to BigQuery and Google Cloud Storage.
In the past I have used CredentialStore which has been deprecated. I am trying to use DataStoreFactory but I discovered that it allows me to use only StoredCredential while I need a Credential.
I know one can convert from Credential to StoredCredential but I am not sure how to convert them in the opposite direction (StoredCredential to Credential). For example I am creating my connection like this:
Storage.Builder(HttpTransport transport,
JsonFactory jsonFactory,
HttpRequestInitializer httpRequestInitializer);
Could anyone point me in a direction about how to achieve this?
Thank you!
In most cases, wherever you use Credential, you could use StoredCredential. There is only one point you would work with Credential, which is retrieving the Access Token during the OAuth callback. From there the Credential can be converted to StoreCredential and stored into the DataStore. After that storage and retrieval all works with StoredCredential.
But there are places were StoredCredential can't be used. I just encountered one trying to create the Google Drive API Service wrapper.
There is a way to get around this with the GoogleCredential object, it can be created from StoredCredential as per this answer:
Stored Credential from Google API to be reused using Java
import com.google.api.client.auth.oauth2.StoredCredential;
public static GoogleCredential createGoogleCredential(StoredCredential storedCredential) {
GoogleCredential googleCredential = new GoogleCredential.Builder()
.setTransport(new NetHttpTransport())
.setJsonFactory(new JacksonFactory())
.setClientSecrets("client_id", "client_secret")
.setAccessToken(storedCredential.getAccessToken())
.build();
return googleCredential;
}
I'm using google-oauth-client-1.22.0.jar.
I have a Java server with static Service Account credentials that authenticates with Google Cloud.
Here is the salient code that I use.
The key here is to add a CredentialRefreshListener which, when you successfully authenticate, then the Google OAuth client library will call and give you a StoredCredential object which you can serialize and store. You store it, and retrieve it, to a location of your choice by writing or instantiating an implemenation of the DataStore interface. Your DataStore implementation is constructed using a DataStoreFactory implementation.
After building my GoogleCredential, then I can read the last access token, refresh token and expiration date from my DataStore.
If the access token isn't about to expire, then the Google client API will use it to log in.
When it's about to expire, or this is the first time this code is called, then the Google Client API will invoke the refresh listener and it will store the first access token, refresh token and expiration date.
import com.google.api.client.auth.oauth2.DataStoreCredentialRefreshListener;
import com.google.api.client.auth.oauth2.StoredCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.IOUtils;
import com.google.api.client.util.store.AbstractDataStore;
import com.google.api.client.util.store.AbstractDataStoreFactory;
import com.google.api.client.util.store.DataStore;
import com.google.api.client.util.store.DataStoreFactory;
import com.google.api.services.storage.Storage;
import com.google.api.services.storage.StorageScopes;
import com.google.api.services.storage.model.StorageObject;
import java.io.IOException;
import java.io.Serializable;
import java.util.Base64;
public class StackOverflow {
public static void main(final String... args) throws Exception {
final String clientEmail = "todd.snider#aimless.com";
final HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory jsonFactory = new JacksonFactory();
// This implementation generates an that stores and retrieves StoredCredential objects
final DataStoreFactory dataStoreFactory = new AbstractDataStoreFactory() {
#Override
protected <V extends Serializable> DataStore<V> createDataStore(final String id) {
return new MyDataStore<>(this, id);
}
};
// construct a GoogleCredential object to access Google Cloud
final GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(transport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(clientEmail)
.setServiceAccountScopes(StorageScopes.all())
.setServiceAccountPrivateKey(readEncryptedPemFile())
.setServiceAccountPrivateKeyId("___static_get_this_from_google_console___")
.addRefreshListener(new DataStoreCredentialRefreshListener(clientEmail, dataStoreFactory))
.build();
// See I have an access token, refresh token and expiration date stored in my DataStore.
// If so, set them on the GoogleCredential
final StoredCredential storedCredential = StoredCredential.getDefaultDataStore(dataStoreFactory).get(clientEmail);
if (storedCredential != null) {
credential.setAccessToken(storedCredential.getAccessToken());
credential.setRefreshToken(storedCredential.getRefreshToken());
credential.setExpirationTimeMilliseconds(storedCredential.getExpirationTimeMilliseconds());
}
// Now I can use Google Cloud
final Storage storage = new Storage.Builder(credential.getTransport(), credential.getJsonFactory(), credential).setApplicationName("Aimless").build();
storage.objects().insert("soem bucket", new StorageObject());
}
private static class MyDataStore<V extends Serializable> extends AbstractDataStore<V> {
MyDataStore(DataStoreFactory dataStoreFactory1, String id1) {
super(dataStoreFactory1, id1);
}
#Override
public DataStore<V> set(String key, V value) throws IOException {
final String encoded = Base64.getEncoder().encodeToString(IOUtils.serialize(value));
db.save(key, encoded);
return this;
}
#Override
public V get(String key) throws IOException {
final String encoded = db.get(key);
if (encoded == null) {
return null;
}
return IOUtils.deserialize(Base64.getDecoder().decode(encoded));
}
// etc.
}
I'm trying to access Google BigQuery using Service Account approach. My code is as follows:
private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("XXXXX#developer.gserviceaccount.com")
.setServiceAccountScopes(BigqueryScopes.BIGQUERY)
.setServiceAccountPrivateKeyFromP12File(
new File("PATH-TO-privatekey.p12"))
.build();
Bigquery bigquery = Bigquery.builder(HTTP_TRANSPORT, JSON_FACTORY).setHttpRequestInitializer(credentials)
.build();
com.google.api.services.bigquery.Bigquery.Datasets.List datasetRequest = bigquery.datasets().list(
"PROJECT_ID");
DatasetList datasetList = datasetRequest.execute();
if (datasetList.getDatasets() != null) {
java.util.List<Datasets> datasets = datasetList.getDatasets();
System.out.println("Available datasets\n----------------");
for (Datasets dataset : datasets) {
System.out.format("%s\n", dataset.getDatasetReference().getDatasetId());
}
}
But it throws the following exception:
Exception in thread "main" com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
{
"code" : 401,
"errors" : [ {
"domain" : "global",
"location" : "Authorization",
"locationType" : "header",
"message" : "Authorization required",
"reason" : "required"
} ],
"message" : "Authorization required"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:159)
at com.google.api.client.googleapis.json.GoogleJsonResponseException.execute(GoogleJsonResponseException.java:187)
at com.google.api.client.googleapis.services.GoogleClient.executeUnparsed(GoogleClient.java:115)
at com.google.api.client.http.json.JsonHttpRequest.executeUnparsed(JsonHttpRequest.java:112)
at com.google.api.services.bigquery.Bigquery$Datasets$List.execute(Bigquery.java:979)
The exception is fired on this line:
DatasetList datasetList = datasetRequest.execute();
I'm getting the account ID from Google's API console from the second line on the section that looks like this:
Client ID: XXXXX.apps.googleusercontent.com
Email address: XXXXX#developer.gserviceaccount.com
What am I missing?
Eureka! Both Eric's and Michael's code works well.
The error posted in the question can be reproduced by setting the time on the client machine incorrectly. Fortunately, it can be solved by setting the time on the client machine correctly.
Note: For what it's worth, I synchronized the time on a Windows 7 box using the "Update now" button in the "Internet Time Settings" dialog. I figured that should be pretty idiot-proof... but I guess I beat the system. It corrected the seconds but left the machine off by exactly one minute. The BigQuery call failed after that. It succeeded after I manually changed the time.
Our error handling code in the Java library needs to be improved a bit!
It looks like the signed JWT for requesting an OAuth access token is failing. You can see this by enabling the logs that #MichaelManoochehri mentioned above.
There's only a few things that I think could be causing this failure:
Invalid signature (using the wrong key)
Invalid e-mail address for the service account (I think that's been ruled out)
Invalid date/time stamp used for generating the signed blob (an issue date, and an expiration date)
Invalid scope (I think that's been ruled out)
You should check that your date/time is properly set on your server with the proper timezone -- sync'd to NTP. You can use time.gov to see the official US atomic clock time.
EDIT: The answer I gave below is relevant to using Google App Engine Service Accounts - leaving here for reference.
Double check that you have added your service account address to your project's team page as an owner.
I'd recommend using the AppIdentityCredential class to handle service account auth. Here's a small snippet that demonstrates this, and I'll add additional documentation about this on the BigQuery API developer page.
Also, make sure that you are using the latest version of the Google Java API client (as of today, it's version "v2-rev5-1.5.0-beta" here).
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.http.json.JsonHttpRequest;
import com.google.api.client.http.json.JsonHttpRequestInitializer;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson.JacksonFactory;
import com.google.api.services.bigquery.Bigquery;
import com.google.api.services.bigquery.BigqueryRequest;
#SuppressWarnings("serial")
public class Bigquery_service_accounts_demoServlet<TRANSPORT> extends HttpServlet {
// ENTER YOUR PROJECT ID HERE
private static final String PROJECT_ID = "";
private static final HttpTransport TRANSPORT = new NetHttpTransport();
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
private static final String BIGQUERY_SCOPE = "https://www.googleapis.com/auth/bigquery";
AppIdentityCredential credential = new AppIdentityCredential(BIGQUERY_SCOPE);
Bigquery bigquery = Bigquery.builder(TRANSPORT,JSON_FACTORY)
.setHttpRequestInitializer(credential)
.setJsonHttpRequestInitializer(new JsonHttpRequestInitializer() {
public void initialize(JsonHttpRequest request) {
BigqueryRequest bigqueryRequest = (BigqueryRequest) request;
bigqueryRequest.setPrettyPrint(true);
}
}).build();
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws IOException {
resp.setContentType("text/plain");
resp.getWriter().println(bigquery.datasets()
.list(PROJECT_ID)
.execute().toString());
}
}
Here is a complete snippet for reference:
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson.JacksonFactory;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.services.bigquery.Bigquery;
import com.google.api.services.bigquery.Bigquery.Datasets;
import com.google.api.services.bigquery.model.DatasetList;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
public class BigQueryJavaServiceAccount {
private static final String SCOPE = "https://www.googleapis.com/auth/bigquery";
private static final HttpTransport TRANSPORT = new NetHttpTransport();
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
public static void main(String[] args) throws IOException, GeneralSecurityException {
GoogleCredential credential = new GoogleCredential.Builder().setTransport(TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("XXXXXXX#developer.gserviceaccount.com")
.setServiceAccountScopes(SCOPE)
.setServiceAccountPrivateKeyFromP12File(new File("my_file.p12"))
.build();
Bigquery bigquery = Bigquery.builder(TRANSPORT, JSON_FACTORY)
.setApplicationName("Google-BigQuery-App/1.0")
.setHttpRequestInitializer(credential).build();
Datasets.List datasetRequest = bigquery.datasets().list("publicdata");
DatasetList datasetList = datasetRequest.execute();
System.out.format("%s\n", datasetList.toPrettyString());
}