This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

gcloud auth application-default Access Token URI different to user Access Token URI

Posted on 07-28-2023 09:06 AM
NickP2001
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

On my windows laptop, in cmd, if I gcloud auth login and then gcloud auth print-access-token --log-http

then I can see the access token uri correctly set as:

C:\Users\enum>gcloud auth print-access-token --log-http
=======================
==== request start ====
uri: https://oauth2-<our-value>.googleapis.com/token  
method: POST

But if I generate the Application Default Credentials by running: gcloud auth application-default login and then run gcloud auth application-default print-access-token --log-http I can see the uri is not correctly set:

C:\Users\enum>gcloud auth application-default print-access-token --log-http
=======================
==== request start ====
uri: https://oauth2.googleapis.com/token 
method: POST

And then the result of the print-access-token command is:

ERROR: (gcloud.auth.application-default.print-access-token) There was a problem refreshing your current auth tokens: HTTPSConnectionPool(host='oauth2.googleapis.com', port=443): Max retries exceeded with url: /token (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x0000020756EBE8E0>: Failed to establish a new connection: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))

because that host uri is wrong and not what we are using for our Access Token URI. This mean that local debugging application on our development machines is not possible, as they use Application Default Credentials (ADC).

My question is where is the application-default uri set and how can it be correctly updated to what we want it to be?

0 3 4,947
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
Marramirez
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Hello @NickP2001,

Welcome to the Google Cloud Community!

gcloud auth print-access-token prints an access token for the specified account. 

gcloud auth application-default print-access-token prints an access token for your current Application Default Credentials (ADC). Check out this documentation about Application Default Credentials.  

The ADC can be specified by either using the following:

If the above options don't work, you can contact Google Cloud Support to further look into your case. Let me know if it helped, thanks!

0 Likes

Posted on --/--/---- --:-- AM
NickP2001
Bronze 1
Bronze 1
In response to Marramirez
Reply posted on --/--/---- --:-- AM

Hello @Marramirez 

Thanks for your reply, but the problem is the token-uri being different for application-default (ADC) credentials. 

As an aside, in our organization, we cannot create service key therefore cannot download the credentials file. 

So my question should be reframed as: where is the token-uri controlled/set for ADC? I see no documentation on this.

For non ADC I see the token-uri is generated within the credentials.db, but I see nowhere and can find no documentation on how it is set for ADC.

Posted on --/--/---- --:-- AM
sahil_j53
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

They never reply to the actual problem . This is why people don't want to use google cloud

0 Likes
Top Solution Authors
View all