Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

invalid_grant #369

Closed
lechen26 opened this issue Feb 3, 2021 · 8 comments
Closed

invalid_grant #369

lechen26 opened this issue Feb 3, 2021 · 8 comments
Assignees
Labels
api: storage Issues related to the googleapis/python-storage API. priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@lechen26
Copy link

lechen26 commented Feb 3, 2021

Hi

we are using google service account to access cloud stoage on one of our python projects.

nothing has changes on the service account we are using but recently we've started to see this intermittent error:

google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT Signature.', '{"error":"invalid_grant","error_description":"Invalid JWT Signature."}')

it does not happen all the time but from time to time. like it failed to refresh the token but i dont understand why.
what can be the reason for this?

thanks
CL

@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/python-storage API. label Feb 3, 2021
@frankyn frankyn added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. priority: p2 Moderately-important priority. Fix may not be included in next release. labels Feb 3, 2021
@frankyn frankyn self-assigned this Feb 3, 2021
@frankyn frankyn added duplicate This issue or pull request already exists status: duplicate Duplicate. and removed priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Feb 3, 2021
@frankyn
Copy link
Member

frankyn commented Feb 3, 2021

Hi @lechen26,

Thanks for filing the issue.
This is a duplicate of #17, which is being looked at here: googleapis/google-auth-library-python#261

@frankyn frankyn closed this as completed Feb 3, 2021
@fcollman
Copy link

fcollman commented Feb 3, 2021

I don't think this is the same error, the exception looks different. We are also experiencing the same error, again on code that did not change, only upgrades to underlying google packages.

The exception listed in this isssue..

google.auth.exceptions.RefreshError: ('invalid_grant: Invalid JWT Signature.', '{"error":"invalid_grant","error_description":"Invalid JWT Signature."}')

The exception listed in #17

google.auth.exceptions.RefreshError: ('invalid_grant: reauth related error (rapt_required)', '{\n  "error": "invalid_grant",\n  "error_description": "reauth related error (rapt_required)",\n  "error_subtype": "rapt_required"\n}')

@fcollman
Copy link

fcollman commented Feb 3, 2021

I think this issue is actually covered here
googleapis/google-auth-library-python#667

and might be related to this underlying RSA issue
sybrenstuvel/python-rsa#173

@frankyn
Copy link
Member

frankyn commented Feb 3, 2021

Ah, good call out, my mistake. let's reopen to keep track

@frankyn frankyn reopened this Feb 3, 2021
@frankyn frankyn added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. external This issue is blocked on a bug with the actual product. and removed status: duplicate Duplicate. duplicate This issue or pull request already exists labels Feb 3, 2021
@lechen26
Copy link
Author

lechen26 commented Feb 7, 2021

thanks @fcollman , exactly , we havent changed anything except we've upgraded our cluster.
i saw the RSA issue, but to be honest i wasnt sure its related as we are not using this package.

is this something the google-cloud-storage using?

thanks

@lechen26
Copy link
Author

lechen26 commented Feb 7, 2021

i've checked with pipdeptree its indeed the case.
thanks!

@frankyn frankyn removed the external This issue is blocked on a bug with the actual product. label Feb 8, 2021
@busunkim96
Copy link
Contributor

Just to make things explicit, if you're running into this please explicitly pin to rsa==4.6 in your requirements.txt.

For context, google-cloud-storage depends on google-auth which depends on rsa.

@frankyn frankyn assigned tritone and unassigned frankyn Feb 8, 2021
@tritone
Copy link
Contributor

tritone commented Feb 9, 2021

Thanks for clarifying @busunkim96 -- I'll go ahead and close this issue.

@tritone tritone closed this as completed Feb 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
api: storage Issues related to the googleapis/python-storage API. priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Development

No branches or pull requests

5 participants