Google-api-dotnet-client: At least one client secrets (Installed or Web) should be set

Created on 1 Nov 2018  路  9Comments  路  Source: googleapis/google-api-dotnet-client

I'm trying to create a token using a JSON service account private key file, and no matter what I do the GoogleWebAuthorizationBroker keeps giving the following error.

At least one client secrets (Installed or Web) should be set

Why is the broker asking for a client secret? Isn't that the whole purpose of a service account with domain wide delegated permissions?

```c#
using System;
using System.IO;
using System.Threading;
using Google.Apis.Admin.Directory.directory_v1;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Util.Store;

class Program
{
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/admin-directory_v1-dotnet-quickstart.json
static string[] Scopes = { DirectoryService.Scope.AdminDirectoryDeviceChromeos };
static string ApplicationName = "TokenStore";

    static void Main(string[] args)
    {
        UserCredential credential;

        using (var stream =
            new FileStream(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "client_secret.json"), FileMode.Open, FileAccess.Read))
        {
            string credPath = AppDomain.CurrentDomain.BaseDirectory;
            credPath = Path.Combine(credPath, "\\token.json");

            credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
                GoogleClientSecrets.Load(stream).Secrets,
                Scopes,
                "user",
                CancellationToken.None,
                new FileDataStore(credPath, true)).Result;
            Console.WriteLine("Credential file saved to: " + credPath);
        }

    }
}

```

question

Most helpful comment

Oh right, I see. The code is mixing up service credentials and oauth credentials.
I thought you were wanting to use oauth, but if you've downloaded a service credential then don't use GoogleWebAuthorizationBroker, that's for oauth.
Create a credential like this: var cred = GoogleCredentials.FromFile(<path to file>).CreateScoped(<scopes you require>);.

All 9 comments

This "At least one client secrets (Installed or Web) should be set" error would suggest that your client_secret.json file is corrupt. At its top level it must have either an 'installed' or a 'web' element. If it doesn't then this is the problem.

@chrisdunelm Thanks for the information. After adding 'installed' the error went away but now a browser window comes up asking for credentials. Isn't the point of the credentials file to not have to re-auth? Since service accounts are used for server to server communication which a lot of times isn't monitored why would this library require user input into a browser?

Oh right, I see. The code is mixing up service credentials and oauth credentials.
I thought you were wanting to use oauth, but if you've downloaded a service credential then don't use GoogleWebAuthorizationBroker, that's for oauth.
Create a credential like this: var cred = GoogleCredentials.FromFile(<path to file>).CreateScoped(<scopes you require>);.

@chrisdunelm ok that makes more sense. Any idea what assembly contains GoogleCredentials?

It's in the nuget package Google.Apis.Auth; and the fully-qualified name is Google.Apis.Auth.OAuth2.GoogleCredential.
Here's the source-code: https://github.com/googleapis/google-api-dotnet-client/blob/aadabafd8ec8c3118e5f71e388ccb3718ee2e002/Src/Support/Google.Apis.Auth/OAuth2/GoogleCredential.cs

Closing as this looks like it's resolved. Please leave a comment with more information if you'd like to reopen.

Sorry for laete question, but i face the same problem

And i do not undersatnd the resolution.

I do not understand where to add installed.

Thanks for advance for your help

@zetondu the original problem here was that the failing code was mixing service account credentials and OAuth user authentication. If this is your problem then you have to determine which you need to use and re-write the code accordingly. You can read more about Google Auth libraries for .NET here.
If this doen'st help, then please create a new issue, describing your problem exactly. Please provide a full but simple code snippet that demonstrates the problem and state clearly what result your are getting vs. what result you were expecting.

Thanks, i will have a look on the auth2 link

Was this page helpful?
0 / 5 - 0 ratings