Hey!
any documentation about it? Cannot find any and I cannot make it work. I am not sure whether I am missing something obvious or if something does not work as intended...
Thanks!
Great news! I'm trying to use the new Google Service Account auth. I created a new resource with my service account's json key, but I'm getting an error:
Could this be a Retool bug?
We encountered to the same thing. I'm trying to add REST API for Google Cloud Storage services using service account credentials, but the Bearer token generated by Retool backend is incorrect. If I use Bearer token generated by gcloud CLI based on the same account credentials account file it works well.
UPD: I just made an investigation:
-
Printed out information about service account using
gcloud auth describe foo@bar.gserviceaccount.comcommand. The service account email can be found in it's credentials file. In the output you will see information about the account and it's tokens, including private key. There are two fields containing different tokens: id_tokenb64 (JWT) and token. -
The token field contains temporary access token which also can be obtained using the command
gcloud auth print-access-token --impersonate-service-account=foo@bar.gserviceaccount.com -
When I tried to use query, I found out that Retool backend uses id_tokenb64 field instead of token for Bearer header, so that's why the whole thing does not work.
Please fix it soon. We want to use Google APIs for our services.
2 Likes
Hey @etcetera @omarkhan, taking a look. Can also repro and getting this over to the engineering team responsible. I'll update this thread as soon as I have additional information to share.
For further update, Google Service Account auth works well for Cloud Functions, but isn't set up for Drive, Cloud storage API. We have an internal ticket tracking this now and will update this post as soon as there is additional information to share. Thanks!
@etcetera Thank you for reporting the issue with Rest API. Since you're using Google Cloud Storage, I want to point out that we support Google Cloud Storage as a resource type & it has support for service account. You may try it while we're working on supporting Rest API!
@joeBumbaca I also hoped to have this working. We are migrating over to a paid account and suddenly the big convenient feature doesn't work. Seeing as the service account option has been out for over a month and @etcetera has kindly discovered the simplicity of the issue, is it thought the fix will be very post dated?
@Shawn_Crocker @Harry_Doan and team are working on this. Looks like an option to supply the appropriate scopes, which will then allow us to use the appropriate token depending on the service that is being used (Cloud Functions vs Drive API etc), should be out in our next cloud release. Will confirm here when it is available.
@Shawn_Crocker @etcetera @omarkhan The "Google Service Account" authentication option should now work with google apis. There should be an option to enter the service account scope now, and you can use it to query from google drive. Please give it a try and let me know if you still run into any issue!
3 Likes
This is great! I will test it out over the weekend. And report back.
@Harry_Doan happy to report, my service account is being authorized properly now. Thanks for fixing this so fast! This is really going to cleanup how our users get into our app
2 Likes