Trailing dots... at the end of the access_token

[jeromeSH26]

Hi,
using googleapis auth to get a valid JWT for a service account.
the auth process is runninf will but when it comes to extract the access token from the Oauth client, its value has a bunch of dots at the end.
This leads to failing in authenticating when using this access token in some headers as an Authorization bearer.
We are several to have this issue
See Stoackoverflow post here
See post here

Example of my code

const jwt: JWT = new google.auth.JWT({
      email: this._googleAuthServiceAccountEmail,
      keyFile: this._googleAuthServiceAccountKeyFilePath,
      key: this._googleAuthServiceAccountKey,
      scopes: this._googleScopes,
      subject: this._googleAuthImpersonnatedEmail,
      keyId: this._googleAuthServiceAccountKeyId,
    });

await jwt.authorize();


console.log(jwt.gtoken?.accessToken) <--- returns something like ya29.c.Kp8BCgi0lxWtUt[rest token]....................................................................................

Why all these dots at the end ? How to get rid off them ?

Thks

[jeromeSH26]

any idea ? the access_token can't be used which is blocking

[Harsimran1]

We are having the same issue. It is result in 500 errors when calling homegraph API which such access tokens.

[bshaffer]

These dots are placeholders to pad the tokens because Google will be increasing the token size (see oauth2-proxy/oauth2-proxy#1218):

On August 23, 2021, we will roll out security and reliability improvements that will increase the sizes of OAuth 2.0 access tokens for all projects.

The padding does not affect the verification of the token (e.g. you can remove them), but it's recommended not to, so that you can verify your application will work when the token size increases. From the linked issue:

We strongly recommend that you use the documented token size limits of 2048 bytes and to remove any logic in your services/code that restricts its ability to process access tokens of certain sizes.