There is an app that acts like an API, deployed in Google Cloud Run as a Service. It was set up to require authentication:
Another app calls this API using Google service account key for authentication. Keys are created "without" expiration date (kinda):
Nevertheless, regularly, approximately after a month of usage, those who use the key start getting this error:
java.io.IOException: Error getting id token for service account: 400 Bad Request
POST
{"error":"invalid_grant","error_description":"Invalid JWT Signature."}, iss: <SERVICE_ACCOUNT_NAME_HERE>
New key "solves" the problem. For a month. Any ideas why this might be happening?
There is an app that acts like an API, deployed in Google Cloud Run as a Service. It was set up to require authentication:
Another app calls this API using Google service account key for authentication. Keys are created "without" expiration date (kinda):
Nevertheless, regularly, approximately after a month of usage, those who use the key start getting this error:
java.io.IOException: Error getting id token for service account: 400 Bad Request
POST https://oauth2.googleapis/token
{"error":"invalid_grant","error_description":"Invalid JWT Signature."}, iss: <SERVICE_ACCOUNT_NAME_HERE>
New key "solves" the problem. For a month. Any ideas why this might be happening?
Share asked Mar 7 at 17:18 AvorthorenAvorthoren 111 bronze badge1 Answer
Reset to default 0By default, service account keys never expire. You can use an anization policy constraint to specify the length of time for which a service account key is valid.
Since (your) every service account expires every month resulting in an error "Invalid JWT Signature", I think there’s an anization policy in place that enforces the constraints/iam.serviceAccountKeyExpiryHours constraint.
You or your admin must have the Organization Policy Administrator role to disable the constraint.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744916017a4600839.html
评论列表(0条)