Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

https://oauth2.googleapis.com/token curl: (28) Failed to connect to oauth2.googleapis.com port 443 after 227030 ms: Couldn't connect to server #2579

Closed
wenshan opened this issue Mar 15, 2024 · 1 comment
Closed

https://oauth2.googleapis.com/token curl: (28) Failed to connect to oauth2.googleapis.com port 443 after 227030 ms: Couldn't connect to server #2579

wenshan opened this issue Mar 15, 2024 · 1 comment
Assignees
@yash30201

Comments

@wenshan
Copy link

wenshan commented Mar 15, 2024

I can only write here, and other places will fall into disarray.

background:

I used the service account to obtain the JWT assertion, and then I tried to send a request to the https://oauth2.googleapis.com/token interface to obtain the access_token on the node side and curl, but both errors were reported.

error information:
curl: (28) Failed to connect to oauth2.googleapis.com port 443 after 227030 ms: Couldn't connect to server

Phenomenon:

1.postman:
截屏2024-03-15 11 32 09

code:
curl --location --request POST 'https://oauth2.googleapis.com/token?grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJlZDVhNDMwNGIwOWI4OGI2OGM3NzE1ZTJhZjI0ZWQxNmM1ZDUyNjQifQ.eyJpc3MiOiJzaG9wcGluZ0BhZmZpbGlhdGV0cmFmZmljLTQxNzIxMS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InNob3BwaW5nQGFmZmlsaWF0ZXRyYWZmaWMtNDE3MjExLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL3VzZXJpbmZvLnByb2ZpbGUgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC91c2VyaW5mby5lbWFpbCBvcGVuaWQgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9jb250ZW50IiwiYXVkIjoiaHR0cHM6Ly9vYXV0aDIuZ29vZ2xlYXBpcy5jb20vdG9rZW4iLCJpYXQiOjE3MTA0Njk2NTgsImV4cCI6MTcxMDQ3MzI1OH0.dt3RADvQhUaUohELWNaGe1PfxcOXmSmj4KfkXe7vf-ZAdAoek5Z-A9R1rOdZGt-2MWBKL-DALMMVwJq7nE5JvPQUf2j4mQ34nBVGbDCLJKRpisbV9QdFgghXqyHS8Yvdq4FNn4pHllbFsK082nW0G2-IQ3S_JEUR6iqxcAfZhsMpgv3cV9OstwgDxPxsn-gZeX86dKPLRFXqu92q-r8S9N2jJ4D4GQeZd5dz7xT4H1cjjpSps1m7gqKFui06FXrDx9-lieEJB1xNJZ8t5xJA1kqOvb5T7F_mVTvNo_ehKv7-7vSIXJiDEEK0GuXsD2H8o1wTZ3KBbyeNkYDZZcnxPQ'
--header 'content-type: application/x-www-form-urlencoded'
--data ''

postman returns data:

{
"access_token": "ya29.c.c0AY_VpZgiLzFRUwaZIq8IgvaBRwcalgPvRk9_0ldsfLc46bIAxKTXWrUoRiEc2qaadiiN-FWgVTo5_BFOMJjwnQr2oWjz_v1wo9RbAzdTykpqZdfawmzMt9Zin1Kyvt_lWFNwd9KuVWNkIDcgcWNR3x1ZzQ4OecqHI1dVDZBXCwswbbw7sCKoa2uC_7Iaud3Adgyvu_dh0mcIgx80fqTQ-wcdSZ0tk98Db_j_BUNA8ULsBIhck4mkdn8eJVB7WWD5kwBfmZQRsjX9jn2KukZv0TWDwMyvsrmVMK1BF2XLwC4q6Xd2pGZ4TVuP1uaYIZ0iAioNvzi1mL-uPltlWqGW0Paa41hRT6yhTs_AkcwQyud1DeOPLiz-aqaFyLai-wG391CjezI1ivvdIegmqQvh1iv2eSgR9fJezZhpwvWnXcmIQJ402b0sMIaWqZid9ZpBdRrxhtBwoM9-5-56x2x46ze4is14J7syIWfnmWfp5151Y50O-ZW449y7l8ipyonuqRh96MOIX9VroF-x5llid2V1-MFrZW6Md2IXUl-rV-5FRBmuj891rsg5a71U-kq3pQ9BZSXMrb41p_k8iU7mUymx1k07-eOpQdc8dbg2Jw5jtWFor_irtjBmmswM477W5jIb1dRxgRhZ7eS_JfJaorUs_B7ZF5oI4mc8nixulMcSQBlBb0Xmoaxz_xt2eV_u2WqlVjXR1bbQ33ecBIc2rkrS4462epe8btxnYIcV7JjYZX0kor2nfZ59sgUXRuqMqm15OIl2qkOundUmUqOeQai-djt_SWlwUVMmswolkxIOojyxRelRyuOySBJ9B3hi5_QQVowiV71-4fXdxSmpeJrXcJmZkRjsbomcdkyRy1Sqep_a7Vm4lv-Qxx0p995Jw0lz0hs-2tqbxZcMXUwgJfp7fmUWX-hc7tUsr6Y3bxXQrII4J0ksqsOV0e4_QdmZoBYgeQ6MRft7jXi6m3F0MBXbbS_4Qhaw7rhWWwmjYbqpn-6XphyfQnh",
"expires_in": 3599,
"token_type": "Bearer"
}

I deduced that it is possible to send requests on the postman and browser side, but not on curl and node http, as follows:

2.curl & node:
截屏2024-03-15 11 45 29

code (same code as postman):
curl --location --request POST 'https://oauth2.googleapis.com/token?grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJlZDVhNDMwNGIwOWI4OGI2OGM3NzE1ZTJhZjI0ZWQxNmM1ZDUyNjQifQ.eyJpc3MiOiJzaG9wcGluZ0BhZmZpbGlhdGV0cmFmZmljLTQxNzIxMS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInN1YiI6InNob3BwaW5nQGFmZmlsaWF0ZXRyYWZmaWMtNDE3MjExLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL3VzZXJpbmZvLnByb2ZpbGUgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC91c2VyaW5mby5lbWFpbCBvcGVuaWQgaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9jb250ZW50IiwiYXVkIjoiaHR0cHM6Ly9vYXV0aDIuZ29vZ2xlYXBpcy5jb20vdG9rZW4iLCJpYXQiOjE3MTA0Njk2NTgsImV4cCI6MTcxMDQ3MzI1OH0.dt3RADvQhUaUohELWNaGe1PfxcOXmSmj4KfkXe7vf-ZAdAoek5Z-A9R1rOdZGt-2MWBKL-DALMMVwJq7nE5JvPQUf2j4mQ34nBVGbDCLJKRpisbV9QdFgghXqyHS8Yvdq4FNn4pHllbFsK082nW0G2-IQ3S_JEUR6iqxcAfZhsMpgv3cV9OstwgDxPxsn-gZeX86dKPLRFXqu92q-r8S9N2jJ4D4GQeZd5dz7xT4H1cjjpSps1m7gqKFui06FXrDx9-lieEJB1xNJZ8t5xJA1kqOvb5T7F_mVTvNo_ehKv7-7vSIXJiDEEK0GuXsD2H8o1wTZ3KBbyeNkYDZZcnxPQ'
--header 'content-type: application/x-www-form-urlencoded'
--data ''

error message:

curl: (28) Failed to connect to oauth2.googleapis.com port 443 after 227030 ms: Couldn't connect to server

Appeal:

curl & node http can normally request the https://oauth2.googleapis.com/token interface and return reasonable data.

I saw that the same problem occurred https://developers.google.com/identity/protocols/oauth2/service-account?authuser=1&hl=zh-cn#httprest. I think this is easy to reproduce. Brother, you can try it.
This problem also exists in the official documents.
@yash30201 yash30201 self-assigned this Mar 20, 2024
@yash30201
Copy link
Contributor

Hi @wenshan, thanks for raising this issue. The "Failed to connect" error (code 28) usually indicates a network-level problem rather than an issue with the code (and thus this library) itself. I've tried reproducing it with curl as well as using PHP curl and didn't face any issue.

Code 
<?php

use Firebase\JWT\JWT;

require_once __DIR__ . '/../vendor/autoload.php';

$key = getSignedJwtClaim();
sendCurlRequest($key);

function getSignedJwtClaim()
{
    $jwtClaims = [
        "iss" => getenv('SERVICE_ACCOUNT_EMAIL'),
        "scope" => "https://www.googleapis.com/auth/devstorage.read_only",
        "aud" => "https://oauth2.googleapis.com/token",
        "exp" => time() + 3600,
        "iat" => time()
    ];

    $key = json_decode(file_get_contents(getenv('GOOGLE_APPLICATION_CREDENTIALS')), true);
    return JWT::encode(
        $jwtClaims,
        $key['private_key'],
        'RS256'
    );
}

function sendCurlRequest($key) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://oauth2.googleapis.com/token');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Content-Type: application/x-www-form-urlencoded',
    ]);
    curl_setopt(
        $ch,
        CURLOPT_POSTFIELDS,
        'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=' . $key
    );

    $response = curl_exec($ch);
    $response = json_decode($response, true);
    echo "Access token => " . $response['access_token'] . PHP_EOL;
    curl_close($ch);
}

You can try adding -v flag to you curl command to get more verbose output and get some clue as to why it's happening on your system. It's very helpful that you've confirmed it works with Postman. This reinforces the idea that the issue likely lies in the network configuration on the machine where cURL is running.

As there isn't anything actionable in this library, hence closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yash30201 yash30201

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wenshan @yash30201