All geek questions in one place

Use GAE JSON Service Account

I have an application in GAE and I use a service account to call some google services. When I created the service account in the control panel, I was given the JSON key. The json content looks something like this:

{ "private_key_id": "bar-foo", "private_key": "-----BEGIN PRIVATE KEY-----foo-bar\n-----END PRIVATE KEY-----\n", "client_email": " foo-bar@developer.gserviceaccount.com ", "client_id": "bar-foo.apps.googleusercontent.com", "type": "service_account" }

How can I use this private_key in my java code to create a GoogleCredential object?

I was able to do this using the setServiceAccountPrivateKeyFromP12File method, but for this I would need to create a p12 file and store it somewhere. With json private key, I could configure it in the properties file.

I found the setServiceAccountPrivate method in GoogleCredential.Builder that takes a PrivateKey object as a parameter, but I don't know how to generate this object from a value inside json. All the examples I found used the p12 file.

+6
source share
2 answers

Since this question still receives submissions and does not have an accepted answer, here is an example of how to use the JSON key with the Google API client library, slightly adapted from the official documentation section " Using OAuth 2.0 with the Google API Client Library for Java :

 HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport(); JsonFactory jsonFactory = JacksonFactory.getDefaultInstance(); ... // Build service account credential. GoogleCredential credential = GoogleCredential.fromStream(MyClass.class.getResourceAsStream("/MyProject-1234.json")) .createScoped(Collections.singleton(PlusScopes.PLUS_ME)); // Set up global Plus instance. plus = new Plus.Builder(httpTransport, jsonFactory, credential) .setApplicationName(APPLICATION_NAME).build();

You put your key file, for example. "MyProject-1234.json" in / src / main / resources and "MyClass" above refers to the name of the parent class containing your method.

+1
source

You must use the built-in service account that GAE does on your behalf when creating the project. You can see a usage example here: https://developers.google.com/bigquery/authorization#service-accounts-appengine

You can find more about the service account from other questions here: SOA: fooobar.com/questions/972321 / ... (its for python, but there should be a corresponding java article)

EDIT

The following is an article on the Google AppEngine documentation for using the built-in service account identifier to interact with the Google APIs:

https://developers.google.com/appengine/docs/java/appidentity/#Java_Asserting_identity_to_Google_APIs

There is no need to create a separate service account for use with GAE, as it is already provided to you.

EDIT 2

Not sure if the secret key in the JSON file is the same in the p12 file, but if you can try something like this (sorry, my Java may be a little rusty):

 import com.google.api.client.util.SecurityUtils; import java.security.spec.PKCS8EncodedKeySpec; import java.security.PrivateKey; // Read the JSON Private key as a byte[] array into bytes PrivateKey serviceAccountPrivateKey = SecurityUtils.getRsaKeyFactory().generatePrivate(new PKCS8EncodedKeySpec(bytes));
-1
source

Source: https://habr.com/ru/post/972320/

More articles:


All Articles