1

I'm trying to make requests to the Google API to create source repositories using a service account and his JSON key file. Since there are no client libraries for this product, I am using the queries with Python using this documentation https://cloud.google.com/source-repositories/docs/reference/rest

I already used a similar code to invoke my cloud-functions with success, but this time I'm block for these requests at the 401 error. I set up the GOOGLE_APPLICATION_CREDENTIALS with the JSON of my service account, give the service-account the permissions of Source Repository Administrator, but still return 401.

Here's my code

import urllib.request
import json
import urllib
import google.auth.transport.requests
import google.oauth2.id_token

body = { "name" : "projects/$my_project_name/repos/$name_repo"}
jsondata = json.dumps(body).encode("utf8")
req = urllib.request.Request('https://sourcerepo.googleapis.com/v1/projects/$my_project_name/repos')
req.add_header('Content-Type', 'application/json; charset=utf-8')

auth_req = google.auth.transport.requests.Request()
id_token = google.oauth2.id_token.fetch_id_token(auth_req, 'https://www.googleapis.com/auth/cloud-platform')
req.add_header("Authorization", f"Bearer {id_token}")
response = urllib.request.urlopen(req, jsondata)
print (response.read().decode())

I tried also using the with an API-KEY at the end of the url like this

req = urllib.request.Request('https://sourcerepo.googleapis.com/v1/projects/$my_project_name/repos?key=$my-api-key')

Thank you

Improve this question
0

2 Answers 2

Reset to default
2

I tried also using the with an API-KEY at the end of the url like this

API Keys are not supported.

Your code is using an OIDC Identity Token instead of an OAuth Acess Token.

from google.oauth2 import service_account

credentials = service_account.Credentials.from_service_account_file(
    '/path/to/key.json',
    scopes=['https://www.googleapis.com/auth/cloud-platform'])


request = google.auth.transport.requests.Request()
credentials.refresh(request)

// Use the following code to add the access token:

req.add_header("Authorization", f"Bearer {credentials.token}")
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

for me it is not working ERROR is - "AttributeError: module 'google.auth.transport.requests' has no attribute 'get' ", could @John help on this. Using everything you said...
@IndrajeetGour - create a new question with your code, imports, error, etc.
@JohnHanley, I posted my question here - stackoverflow.com/questions/71562904/…
0

For me it worked as follows:
I am using python version 3.9

import google.auth
import google.oauth2.id_token
creds, _ = google.auth.default()
auth_req = google.auth.transport.requests.Request()
creds.refresh(auth_req)

response = requests.post(
        f"{url}/route_here",
        json=payload,
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {creds.id_token}",
        },
    )

To use Bearer use id_token inside creds, to use OIDC use only token

Docs: https://cloud.google.com/functions/docs/samples/functions-bearer-token?hl=pt-br#functions_bearer_token-python

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.