Does anyone here have experience running a NodeJS application on GAE flex environment?
I have a specific question about authenticating to non-cloud platform Google APIs (E.g. Google Drive, Google Sheets, etc and not Cloud Storage, etc).
I've been using Google's ADC and a following the method described here: https://github.com/google/google-api-nodejs-client#choosing-the-correct-credential-type-automatically
This worked for me previously - I was able to use ADC to authenticate with Cloud KMS & cloud storage.
But, I am unable to ship a a feature using the Google Sheets API (it writes data to a sheet based on user interaction, so that I can give this data super easily to the business team) as it runs locally with ADC and the service client keyfile that creates a JWT, but does not run in production.
As there aren't any concrete examples on this for NodeJS I ended up going down the rabbit hole of looking through the separate node docs to solve my issue.
In particular, the Sheets API states that I need to use OAuth 2, but these docs say it's better for me to stick with ADC: - https://cloud.google.com/appengine/docs/flexible/nodejs/authorizing-apps#oauth_20_authorization - https://developers.google.com/identity/protocols/OAuth2ServiceAccount
And why would it work with my local copy of my GAE service account's JWT, but not the Compute engine service account? I've added both appengine and compute engine service account emails to the spreadsheet with Write access, but it doesn't seem to work for the latter.
i keep running into the same error where my code works locally and I can append values to a sheet where my app engine email has access to write to, but in production, I continue to get the same error which says the app has insufficient permissions: `"The Sheets API returned an error: Error: A Forbidden error was returned while attempting to retrieve an access token for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have the correct permission scopes specified. Request had insufficient authentication scopes." So i've also done domain wide authority delegation, and done every single thing I about adding the right access can find.
My main question is, will I be able to continue using the method laid out in this code (https://github.com/google/google-api-nodejs-client#choosing-the-correct-credential-type-automatically), or should I be using OAuth2 as in this documentation (https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests)? And if I need to use OAuth2, what's the point of even being on GAE if I can't even access Google's Sheets API without loading my own credentials in my env variables?
Am I doing something wrong?