oauth2client.client.AccessTokenRefreshError: invalid_grant Only in Docker

Problem description

I have the same code with the same p12 file (checked md5 sums), same account_email, and same scope working on a number of computers, but not working in Docker containers on any of the working computers. My code snippet is as follows:

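import httplib2
from googleapiclient import discovery
from oauth2client.client import SignedJwtAssertionCredentials

# Fragment from inside a method; self holds the key path and account e-mail.
with open(self.pkcs12_file_path, 'rb') as f:
    key = f.read()  # raw PKCS#12 private key bytes
scope = ['https://www.googleapis.com/auth/bigquery',
         'https://www.googleapis.com/auth/cloud-platform']
credentials = SignedJwtAssertionCredentials(self.account_email,
                                            key, scope)
http = httplib2.Http()
# Wrap the freshly created Http object (the original passed self.http here).
self.http = credentials.authorize(http)
service = discovery.build('bigquery', 'v2', http=self.http)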

Whenever I try this inside of a Docker container, I get oauth2client.client.AccessTokenRefreshError: invalid_grant at the discovery.build line. I'm thinking it might have something to do with needing to expose ports, but have no idea which I'd need to expose, or if that's the actual problem. Anyone have any ideas?

Solution

This sounds like a clock issue. Google's OAuth access tokens are valid for one hour (Google refresh tokens are valid forever and you can use them to retrieve a new access token). Can you verify that the Docker container's clock is synced with the host machine (or set to your expected time zone?).

See: Will docker container auto sync time with the host machine?
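
One way to run the clock check suggested in the answer, as an added example that is not part of the original question or answer: it compares the local clock with the `Date` header of an HTTPS response and reports how the `iat`/`exp` claims of a service-account JWT assertion signed at that moment would look to the server. The `MAX_SKEW` tolerance, the default URL and all function names are assumptions made for this example.

```python
import sys
import time
import urllib.error
import urllib.request
from email.utils import parsedate_to_datetime

MAX_SKEW = 300   # assumed tolerance in seconds; not a documented Google value
LIFETIME = 3600  # one-hour token lifetime, as stated in the answer


def server_date_header(url="https://www.google.com/"):
    """Fetch the Date header of an HTTPS response (the URL is an assumption)."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.headers["Date"]
    except urllib.error.HTTPError as err:  # error responses carry Date too
        return err.headers["Date"]


def skew_seconds(date_header, local_now):
    """Local clock minus server clock, in seconds."""
    return local_now - parsedate_to_datetime(date_header).timestamp()


def diagnose(date_header, local_now, max_skew=MAX_SKEW):
    """Describe how a JWT assertion signed at local_now looks to the server."""
    skew = skew_seconds(date_header, local_now)
    claims = {"iat": int(local_now), "exp": int(local_now) + LIFETIME}
    if skew > max_skew:
        verdict = "local clock ahead: iat lies in the server's future"
    elif skew < -max_skew:
        verdict = "local clock behind: assertion looks stale or expired"
    else:
        verdict = "ok"
    return {"skew": skew, "claims": claims, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample: container clock two hours behind the server.
    sample = "Tue, 03 Mar 2015 12:00:00 GMT"
    print(diagnose(sample, 1425384000 - 7200))
    if "--live" in sys.argv:  # needs network; run on host and in container
        print(diagnose(server_date_header(), time.time()))
```

Run it with `--live` on the host and again inside the container; a verdict other than `ok` in the container only points to the container's clock.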
