使用 Go iamcredentials 客户端 API 生成 Google API 访问令牌时出现 400 错误请求
400 Bad request when generating the Google API access token using Go iamcredentials client API
我正在尝试实施 iamcredentials
Go API 客户端以生成一个 Access Token
以通过 REST API 访问一些 Google API ], 我正在使用这个代码
package main
import (
"context"
"log"
"google.golang.org/api/iamcredentials/v1"
)
func main() {
iamcredentialsService, err := iamcredentials.NewService(context.Background())
if err != nil {
log.Println("error initialize iamcredential Service ", err)
return
}
accessTokenCall := iamcredentialsService.Projects.ServiceAccounts.GenerateAccessToken(
"projects/-/serviceAccounts/some-sa@some-project-id.iam.gserviceaccount.com:generateAccessToken",
&iamcredentials.GenerateAccessTokenRequest{
Scope: []string{
iamcredentials.CloudPlatformScope,
},
},
)
iamResp, err := accessTokenCall.Do()
if err != nil {
log.Println("error generate access token", err)
return
}
log.Println(iamResp)
}
但是当我尝试 运行 上面的代码片段时,我收到了这条消息
go run main.go
error generate access token googleapi: Error 400: Request contains an invalid argument., badRequest
有什么方法可以检查是哪一个导致了上述响应?我不确定,因为没有任何好的实施示例。任何帮助将不胜感激,谢谢。
备注:
- 我已查看有关此主题的以下文档https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and this https://pkg.go.dev/google.golang.org/api/iamcredentials/v1#pkg-overview
- 我已经在 IAM 上使用
Service Account Token Creator
角色设置了服务帐户,并且还从控制台启用了 IAM API
- 我也按照建议在环境变量中添加了
GOOGLE_APPLICATION_CREDENTIALS
@DanielFarrell 是对的,您需要删除末尾的 :generateAccessToken
。这里是代码中的文档。不要犹豫,探索它,它是开源的 ;)
// GenerateAccessToken: Generates an OAuth 2.0 access token for a
// service account.
//
// - name: The resource name of the service account for which the
// credentials are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
// wildcard character is required; replacing it with a project ID is
// invalid.
func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall {
c := &ProjectsServiceAccountsGenerateAccessTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
c.generateaccesstokenrequest = generateaccesstokenrequest
return c
}
我正在尝试实施 iamcredentials
Go API 客户端以生成一个 Access Token
以通过 REST API 访问一些 Google API ], 我正在使用这个代码
package main
import (
"context"
"log"
"google.golang.org/api/iamcredentials/v1"
)
func main() {
iamcredentialsService, err := iamcredentials.NewService(context.Background())
if err != nil {
log.Println("error initialize iamcredential Service ", err)
return
}
accessTokenCall := iamcredentialsService.Projects.ServiceAccounts.GenerateAccessToken(
"projects/-/serviceAccounts/some-sa@some-project-id.iam.gserviceaccount.com:generateAccessToken",
&iamcredentials.GenerateAccessTokenRequest{
Scope: []string{
iamcredentials.CloudPlatformScope,
},
},
)
iamResp, err := accessTokenCall.Do()
if err != nil {
log.Println("error generate access token", err)
return
}
log.Println(iamResp)
}
但是当我尝试 运行 上面的代码片段时,我收到了这条消息
go run main.go
error generate access token googleapi: Error 400: Request contains an invalid argument., badRequest
有什么方法可以检查是哪一个导致了上述响应?我不确定,因为没有任何好的实施示例。任何帮助将不胜感激,谢谢。
备注:
- 我已查看有关此主题的以下文档https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and this https://pkg.go.dev/google.golang.org/api/iamcredentials/v1#pkg-overview
- 我已经在 IAM 上使用
Service Account Token Creator
角色设置了服务帐户,并且还从控制台启用了 IAM API - 我也按照建议在环境变量中添加了
GOOGLE_APPLICATION_CREDENTIALS
@DanielFarrell 是对的,您需要删除末尾的 :generateAccessToken
。这里是代码中的文档。不要犹豫,探索它,它是开源的 ;)
// GenerateAccessToken: Generates an OAuth 2.0 access token for a
// service account.
//
// - name: The resource name of the service account for which the
// credentials are requested, in the following format:
// `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-`
// wildcard character is required; replacing it with a project ID is
// invalid.
func (r *ProjectsServiceAccountsService) GenerateAccessToken(name string, generateaccesstokenrequest *GenerateAccessTokenRequest) *ProjectsServiceAccountsGenerateAccessTokenCall {
c := &ProjectsServiceAccountsGenerateAccessTokenCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
c.generateaccesstokenrequest = generateaccesstokenrequest
return c
}