Error consuming customerLicense App Marketplace with Service Account OAuth2

2
votes

SOLUTION

I figured out how to solve this problem.

First of all here is my implementation with Service Account:

// Build service account credential.
    GoogleCredential credential = new GoogleCredential.Builder().setTransport(httpTransport)
        .setJsonFactory(JSON_FACTORY)
        .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
        .setServiceAccountScopes(Collections.singleton("https://www.googleapis.com/auth/appsmarketplace.license"))
        .setServiceAccountPrivateKeyFromP12File(new File("/path/to/mykey/key.p12"))
//            .setServiceAccountUser("NOT SET THIS LINE")
        .build();

        License build = new License.Builder(httpTransport, JSON_FACTORY, credential).setApplicationName("My Application").build();
    Licenses execute = build.customerLicense().get("9999999999", "domain.test.com").execute();

This License Builder object is myself implementation based on the new google-api-client 1.17 and above. If someone could advice me how can i share with the rest of the community i will be glad to do it.

Best,

I have posted another thread, Google Apps Marketplace API customerLicense with OAuth2, explaining about my intentions to consume this API with OAuth2 Service Account strategy.

I have tried every method and officials library present and I always get Invalid OAuth header message or UNLICENSED

I am going to detail what is the scenery and what things i have tried:

  1. I have and Google App Marketplace which use Service Account OAuth2 because all task are being perform on background.
  2. This API Project has Service Account keys and Client Web Account keys too.
  3. I published app restricted for my domain only because i am yet developing. So I installed App for my domain.
  4. At this point it is suppose if I queried Customer License with API Project ID and Customer Id, which is domain name, I have to see the APP LICENSE for my domain.
  5. I have used this jars https://developers.google.com/google-apps/marketplace/v2/developers_guide to access License API.

  6. This is my code:

    String appName = "MY APP"; AppsMarketService service = new AppsMarketService(); service.appId = "NUMBER_APP_ID"; service.appName = appName; service.endpoint = "https://www.googleapis.com/appsmarket/v2/"; service.consumerKey = service.appId + ".apps.googleusercontent.com"; service.consumerSecret = "CLIENT_SECRET_FROM_WEB_OAUTH2_API_PROJECT"; service.authorize();

  7. I get 403 forbidden if i use this code.

  8. If i changed appId for prefix clientId from my API Project web OAuth2, I get 200 but with body UNLICENSED.
  9. I have added scope to my app https://www.googleapis.com/auth/appsmarketplace.license and i still get the same result.
  10. I have tried also getting Access Token from Admin user with Service Account handshake and then use that Oauth2 Access Token to access API License and the same result Invalid OAuth Token

My questions are:

  1. Is there any way to access this API with Services Account keys, taking into consideration there is not consumer Secret in Service Accounts keys, only Client ID and private Key file?
  2. Is there any updated library to use this with OAuth2 because i am seeing all this libraries are using OAuth1 with two-legged auth?

It would be great if someone can help me because we are trying to migrate our 7 Google App Old Marketplace Apps from OAuth1 to OAuth2 as per Google request but we have some black holes in our implementation if we would not be able to query what domains have our App Installed.

Best,

1
google-appsgoogle-oauthgoogle-api-java-clientgoogle-api-clientgoogle-apps-marketplace
I finally managed to consume License API only with service Account keys. There was some tricky things in Java API which I only could figure out using Python Library. Sorry for Java guys but in other languages some implementations are better and more complete. I made an implementation of License API with the new google-api-client-1.17.0 and i would like to share with the rest. Where i could upload?jproyo

1 Answers

0
votes

There is no need for any other libraries than OAuth2 lib. You can impmement this using urlfetch.

...
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.appengine.api.urlfetch.FetchOptions.Builder;
import com.google.appengine.api.urlfetch.HTTPHeader;
import com.google.appengine.api.urlfetch.HTTPMethod;
import com.google.appengine.api.urlfetch.HTTPRequest;
import com.google.appengine.api.urlfetch.HTTPResponse;
import com.google.appengine.api.urlfetch.URLFetchServiceFactory;

...

String SERVICE_ACCOUNT_EMAIL = "[email protected]";
String P12 = "...-privatekey.p12";
// appid is the same id that you have in the google cloud project that has the Google Apps Marketplace API and SDK enabled
String appid = "";

GoogleCredential credential = new GoogleCredential.Builder()
  .setTransport(new NetHttpTransport())
  .setJsonFactory(new JacksonFactory())
  .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
  .setServiceAccountScopes(Collections.singleton("https://www.googleapis.com/auth/appsmarketplace.license"))
  .setServiceAccountPrivateKeyFromP12File(new File(P12))
  .build();

credential.refreshToken();
String token = credential.getAccessToken();

URL url = new URL("https://www.googleapis.com/appsmarket/v2/licenseNotification/"+appid);

HTTPRequest request = new HTTPRequest(url, HTTPMethod.GET, Builder.allowTruncate());
request.setHeader(new HTTPHeader("Authorization", "Bearer "+token));

HTTPResponse response = URLFetchServiceFactory.getURLFetchService().fetch(request);

You need to install the OAuth2 package for this to work. In eclipse its under Google > Add Google Apis.