Error: The incoming JSON object does not contain a client_email field

[rppig]

I get this error when I'm using a OAuth client ID JSON file as GOOGLE_APPLICATION_CREDENTIALS.

Here's the content of this JSON file.

{
    "installed": {
        "client_id": "",
        "project_id": "",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://accounts.google.com/o/oauth2/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_secret": "",
        "redirect_uris": ["urn:ietf:wg:oauth:2.0:oob", "http://localhost"]
    }
}

Here's the code where I get this error.

var GoogleAuth = require("google-auth-library");
new GoogleAuth().getApplicationDefault(function(err, auth) {
  console.log(err);
});

[lukesneeringer]

I am pretty sure we require client_email. Did you download this JSON file from one of our systems?

[daywaves]

I'm having the same problem and I have a JSON file with the exact same format (no client_email field). I got my JSON file from the Google API developer console to work with the Gmail API. My file is also an OAuth 2.0 Client ID. I tried making a service account credential instead and that file did have a client_email field, but I think I need to use OAuth2 not a service account.

[bantini]

@daywaves You should use the service account JSON for OAuth2 authentication. Can you describe what you are trying to do, and where it is failing?

[JustinBeckwith]

You are mixing things up a bit :) You need to create a "Service account key" if you want to use this for service->service communication, where your account is used to perform actions.

If you want to use the credentials of the user to perform actions on behalf of the user, you want to use OAuth2. In that case - you wouldn't use application default credentials, rather a standard OAuth2 workflow.

We have some improved docs to cover this stuff sitting over in the next branch. I'm going to close this out for now - feel free to keep asking questions!

[bbhoss]

This doesn't seem accurate. The Ruby gem for authenticating (particularly with Google Cloud Storage) does not require a client_email in order to operate.

[JustinBeckwith]

Interesting! Can you share a link?

[bbhoss]

So, I haven't dug really deep into the Ruby library, but the functionality seems to be located here: https://github.com/GoogleCloudPlatform/google-cloud-ruby/blob/master/google-cloud-core/lib/google/cloud/credentials.rb#L49

I confirmed locally that loading a bucket and listing its files doesn't require a client_email, while the node client generates an error. It seems the Ruby client allows it to not be present, but also allows it to be passed in discretely.

[n0bisuke]

A similar problem arose. Thank you.

[tsaxking]

Hello, I hate to message on old threads, but I just encountered this issue as well. Is there a solution somewhere I am not seeing?

[LeandroBaroni]

I'm followin the google calendar API docs in a NodeTS project and getting the same issue. This is my credentials.json.
Is there something that i dontt notice in the docs or this JSON? {
"web":{
"client_id":"client_id.com",
"project_id":"project-homol",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"client_secret":"client_secret"
}
}
`

[ashuprajapat]

I am facing the same issue, do we have solution to this one ?
I am using Workload identity federation and package is googleauth-1.6.0. The json file is {
"type": "external_account",
"audience": "",
"subject_token_type": "",
"token_url": "",
"credential_source": {
"file": "",
"format": {
"type": "text"
}
},
"service_account_impersonation_url": ""
}

[m-shum]

Having the same issue when passing the result of new GoogleAuthLibrary.GoogleAuth() to GoogleAnalytics.reports.batchGet as the auth param. The object returned by GoogleAuthLibrary.GoogleAuth() does not include a client_email property – only the credentials passed TO gauth when generating an auth object contain that field.

[adrianbartyczak]

Google = dogs***