Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switching to HTTP/2 makes calendarList.list() complain about invalid authentication #3592

Open
specious opened this issue Dec 4, 2024 · 1 comment
Open

Switching to HTTP/2 makes calendarList.list() complain about invalid authentication #3592

specious opened this issue Dec 4, 2024 · 1 comment

Comments

@specious
Copy link

specious commented Dec 4, 2024

I have an application that uses an access token to request a list of calendars and then deletes and creates batches of events in a specific calendar.

Everything works, but when I switch on HTTP/2 support:

google.options({
  http2: true
})

I get this exception when making the await calendarApi.calendarList.list() call:

Request failed with status code 401.                                     
'{                                                                                                              
  error: {                                                                                                      
    code: 401,                                                                                                  
    message: 'Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.',
    errors: [                                                                                                   
      {                                                 
        message: 'Invalid Credentials',                                                                         
        domain: 'global',                                                                                       
        reason: 'authError',                                                                                    
        location: 'Authorization',                                                                              
        locationType: 'header'                                                                                  
      }                                                                                                         
    ],                                                                                                          
    status: 'UNAUTHENTICATED'                           
  }                                                                                                             
}

Here's my code (using dotenv and extracted from my project as a standalone test case):

#!/usr/bin/env node

import 'dotenv/config'
import { google } from 'googleapis'

// When this is turned on, requesting the calendar list fails
google.options({ http2: true })

const authClient = new google.auth.OAuth2(
  process.env.GOOGLE_CLIENT_ID,
  process.env.GOOGLE_CLIENT_SECRET,
  'http://localhost:2024',
)

authClient.setCredentials({
  access_token: process.env.GOOGLE_ACCESS_TOKEN,
  refresh_token: process.env.GOOGLE_REFRESH_TOKEN,
})

const calendarApi = google.calendar({
  version: 'v3',
  auth: authClient,
})

let response

try {
  console.log('Requesting list of calendars...')
  response = await calendarApi.calendarList.list()
} catch(e) {
  console.error(e.message)
  process.exit(1)
}

console.log(response.data.items)

I'm using googleapis 144.0.0 and I tried multiple older versions and the result is the same.

My motivation for switching to HTTP/2 was hitting the "rate limit exceeded" error while performing too many simultaneous operations.

@jrmdayn's drop-in batch request add-on seems to work perfectly for batching the operations and not hitting the rate limit albeit without using HTTP/2, as per #2375 (comment).

However, I'm still interested in switching to HTTP/2 for its performance benefits and due to it being the new standard.

@JustinBeckwith, I see that you've done a lot of work on the HTTP/2 implementation (#1130). I don't know if you can tell right away what is going on here.
@specious
Copy link
Author

specious commented Dec 4, 2024

This is the full error:

GaxiosError: Request failed with status code 401. 
'{
  error: {
    code: 401,
    message: 'Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.',
    errors: [
      {
        message: 'Invalid Credentials',
        domain: 'global',
        reason: 'authError',
        location: 'Authorization',
        locationType: 'header'
      }
    ],
    status: 'UNAUTHENTICATED'
  }
}
    at Gunzip.<anonymous> (/home/specious/c/_/calapitest/node_modules/.pnpm/[email protected]/node_modules/googleapis-common/build/src/http2.js:136:32)
    at Gunzip.emit (node:events:507:28)
    at endReadableNT (node:internal/streams/readable:1696:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:90:21) {
  config: {
    http2: true,
    url: 'https://www.googleapis.com/calendar/v3/users/me/calendarList',
    method: 'GET',
    apiVersion: '',
    userAgentDirectives: [ [Object] ],
    paramsSerializer: [Function (anonymous)],
    headers: {
      'x-goog-api-client': 'gdcl/7.2.0 gl-node/23.1.0',
      'Accept-Encoding': 'gzip',
      'User-Agent': 'google-api-nodejs-client/7.2.0 (gzip)',
      Authorization: 'Bearer <my actual access token>'
    },
    params: {},
    validateStatus: [Function (anonymous)],
    retry: true,
    responseType: 'json'
  },
  response: {
    config: {
      http2: true,
      url: 'https://www.googleapis.com/calendar/v3/users/me/calendarList',
      method: 'GET',
      apiVersion: '',
      userAgentDirectives: [Array],
      paramsSerializer: [Function (anonymous)],
      headers: [Object],
      params: {},
      validateStatus: [Function (anonymous)],
      retry: true
    },
    request: Http2Stream {
      id: 1,
      closed: true,
      destroyed: true,
      state: {},
      readableState: ReadableState {
        highWaterMark: 65536,
        buffer: [],
        bufferIndex: 0,
        length: 0,
        pipes: [],
        awaitDrainWriters: null,
        [Symbol(kState)]: 110626680
      },
      writableState: WritableState {
        highWaterMark: 65536,
        length: 0,
        corked: 0,
        onwrite: [Function: bound onwrite],
        writelen: 0,
        bufferedIndex: 0,
        pendingcb: 0,
        [Symbol(kState)]: 1091450232,
        [Symbol(kBufferedValue)]: null
      }
    },
    headers: [Object: null prototype] {
      ':status': 401,
      'www-authenticate': 'Bearer realm="https://accounts.google.com/", error="invalid_token"',
      vary: 'Origin, X-Origin, Referer',
      'content-type': 'application/json; charset=UTF-8',
      'content-encoding': 'gzip',
      date: 'Wed, 04 Dec 2024 04:05:31 GMT',
      server: 'ESF',
      'cache-control': 'private',
      'content-length': '302',
      'x-xss-protection': '0',
      'x-frame-options': 'SAMEORIGIN',
      'x-content-type-options': 'nosniff',
      'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
      [Symbol(sensitiveHeaders)]: []
    },
    status: 401,
    data: { error: [Object] },
    statusText: ''
  },
  error: undefined,
  status: 401,
  [Symbol(gaxios-gaxios-error)]: '6.7.1'
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@specious