Invalid JWT Token when using Service Account JSON #3100
Description
- OS type and version
macOS Sierra running a Debian Jessie Docker Container
- Python version and virtual environment information
python --version
CPython 3.5.0, no virtual environment
- google-cloud-python version
pip show google-cloud,pip show google-<service>orpip freeze
google-cloud-bigquery==0.23.0
- Stacktrace if available
Traceback (most recent call last): File "/usr/local/lib/python3.5/code.py", line 91, in runcode exec(code, self.locals) File "<console>", line 1, in <module> File "/usr/local/lib/python3.5/site-packages/celery/local.py", line 191, in __call__ return self._get_current_object()(*a, **kw) File "/app/warehouse/celery.py", line 53, in __call__ return super().__call__(pyramid_env["request"], *args, **kwargs) File "/usr/local/lib/python3.5/site-packages/celery/app/task.py", line 379, in __call__ return self.run(*args, **kwargs) File "/app/warehouse/packaging/tasks.py", line 58, in compute_trending query.run() File "/usr/local/lib/python3.5/site-packages/google/cloud/bigquery/query.py", line 364, in run method='POST', path=path, data=self._build_resource()) File "/usr/local/lib/python3.5/site-packages/google/cloud/_http.py", line 299, in api_request headers=headers, target_object=_target_object) File "/usr/local/lib/python3.5/site-packages/google/cloud/_http.py", line 193, in _make_request return self._do_request(method, url, headers, data, target_object) File "/usr/local/lib/python3.5/site-packages/google/cloud/_http.py", line 223, in _do_request body=data) File "/usr/local/lib/python3.5/site-packages/google_auth_httplib2.py", line 187, in request self._request, method, uri, request_headers) File "/usr/local/lib/python3.5/site-packages/google/auth/credentials.py", line 116, in before_request self.refresh(request) File "/usr/local/lib/python3.5/site-packages/google/oauth2/service_account.py", line 318, in refresh request, self._token_uri, assertion) File "/usr/local/lib/python3.5/site-packages/google/oauth2/_client.py", line 143, in jwt_grant response_data = _token_endpoint_request(request, token_uri, body) File "/usr/local/lib/python3.5/site-packages/google/oauth2/_client.py", line 109, in _token_endpoint_request _handle_error_response(response_body) File "/usr/local/lib/python3.5/site-packages/google/oauth2/_client.py", line 59, in _handle_error_response error_details, response_body) google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT Signature.', '{\n "error" : "invalid_grant",\n "error_description" : "Invalid JWT Signature."\n}') - Steps to reproduce
Try to query anything in BigQuery using a service account with "Viewer" permissions and GOOGLE_APPLICATION_CREDENTIALS pointed to a JSON file downloaded when creating the service account.
- Code example
bq = bigquery.Client() query = bq.run_sync_query( """ SELECT project, IF( STDDEV(downloads) > 0, (todays_downloads - AVG(downloads))/STDDEV(downloads), NULL ) as zscore FROM ( SELECT project, date, downloads, FIRST_VALUE(downloads) OVER ( PARTITION BY project ORDER BY DATE DESC ROWS BETWEEN UNBOUNDED PRECEDING AND UNBOUNDED FOLLOWING ) as todays_downloads FROM ( SELECT file.project as project, DATE(timestamp) AS date, COUNT(*) as downloads FROM `the-psf.pypi.downloads*` WHERE _TABLE_SUFFIX BETWEEN FORMAT_DATE( "%Y%m%d", DATE_ADD(CURRENT_DATE(), INTERVAL -31 day)) AND FORMAT_DATE( "%Y%m%d", DATE_ADD(CURRENT_DATE(), INTERVAL -1 day)) GROUP BY file.project, date ) ) GROUP BY project, todays_downloads HAVING SUM(downloads) >= 5000 ORDER BY zscore DESC """ ) query.use_legacy_sql = False query.run()