Invalid JWT Token when using Service Account JSON
- OS type and version
macOS Sierra running a Debian Jessie Docker Container
- Python version and virtual environment information
python --version
CPython 3.5.0, no virtual environment
- google-cloud-python version
pip show google-cloud,pip show google-<service>orpip freeze
google-cloud-bigquery==0.23.0
- Stacktrace if available
Traceback (most recent call last):
File "/usr/local/lib/python3.5/code.py", line 91, in runcode
exec(code, self.locals)
File "<console>", line 1, in <module>
File "/usr/local/lib/python3.5/site-packages/celery/local.py", line 191, in __call__
return self._get_current_object()(*a, **kw)
File "/app/warehouse/celery.py", line 53, in __call__
return super().__call__(pyramid_env["request"], *args, **kwargs)
File "/usr/local/lib/python3.5/site-packages/celery/app/task.py", line 379, in __call__
return self.run(*args, **kwargs)
File "/app/warehouse/packaging/tasks.py", line 58, in compute_trending
query.run()
File "/usr/local/lib/python3.5/site-packages/google/cloud/bigquery/query.py", line 364, in run
method='POST', path=path, data=self._build_resource())
File "/usr/local/lib/python3.5/site-packages/google/cloud/_http.py", line 299, in api_request
headers=headers, target_object=_target_object)
File "/usr/local/lib/python3.5/site-packages/google/cloud/_http.py", line 193, in _make_request
return self._do_request(method, url, headers, data, target_object)
File "/usr/local/lib/python3.5/site-packages/google/cloud/_http.py", line 223, in _do_request
body=data)
File "/usr/local/lib/python3.5/site-packages/google_auth_httplib2.py", line 187, in request
self._request, method, uri, request_headers)
File "/usr/local/lib/python3.5/site-packages/google/auth/credentials.py", line 116, in before_request
self.refresh(request)
File "/usr/local/lib/python3.5/site-packages/google/oauth2/service_account.py", line 318, in refresh
request, self._token_uri, assertion)
File "/usr/local/lib/python3.5/site-packages/google/oauth2/_client.py", line 143, in jwt_grant
response_data = _token_endpoint_request(request, token_uri, body)
File "/usr/local/lib/python3.5/site-packages/google/oauth2/_client.py", line 109, in _token_endpoint_request
_handle_error_response(response_body)
File "/usr/local/lib/python3.5/site-packages/google/oauth2/_client.py", line 59, in _handle_error_response
error_details, response_body)
google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT Signature.', '{\n "error" : "invalid_grant",\n "error_description" : "Invalid JWT Signature."\n}')
- Steps to reproduce
Try to query anything in BigQuery using a service account with "Viewer" permissions and GOOGLE_APPLICATION_CREDENTIALS pointed to a JSON file downloaded when creating the service account.
- Code example
bq = bigquery.Client() query = bq.run_sync_query( """ SELECT project, IF( STDDEV(downloads) > 0, (todays_downloads - AVG(downloads))/STDDEV(downloads), NULL ) as zscore FROM ( SELECT project, date, downloads, FIRST_VALUE(downloads) OVER ( PARTITION BY project ORDER BY DATE DESC ROWS BETWEEN UNBOUNDED PRECEDING AND UNBOUNDED FOLLOWING ) as todays_downloads FROM ( SELECT file.project as project, DATE(timestamp) AS date, COUNT(*) as downloads FROM `the-psf.pypi.downloads*` WHERE _TABLE_SUFFIX BETWEEN FORMAT_DATE( "%Y%m%d", DATE_ADD(CURRENT_DATE(), INTERVAL -31 day)) AND FORMAT_DATE( "%Y%m%d", DATE_ADD(CURRENT_DATE(), INTERVAL -1 day)) GROUP BY file.project, date ) ) GROUP BY project, todays_downloads HAVING SUM(downloads) >= 5000 ORDER BY zscore DESC """ ) query.use_legacy_sql = False query.run()