I am trying to call Google Cloud DocumentAI through a google service account. I have the json key that was generated for it and I load it into my application via the FixedCredentialsProvider and a GoogleCredentials object since it's not possible to load it via environment variables for my use case. This method used to work but now it throws an UNAUTHORIZED exception and something related to not having valid OAuth2 tokens. When I test the scenario using the GOOGLE_APPLICATION_CREDENTIALS env variable it works fine. Has there been a change that doesn't allow the FixedCredentials method anymore? I have not updated the sdk, it just stopped on its own. Is there a new way to load the credentials JSON key programmatically?
Ended up inspecting the SDK source to find the answer. The difference between loading via environment variables and using the GoogleCredentials is that in the latter case it does not provide OAuth2 scopes which is something that since last testing has become mandatory from Google's side for DocumentAI service. Loading the key using the environment variables goes from a different code path that provides some default scopes. We can provide the same scopes manually when loading via GoogleCredentials like so:
GoogleCredentials googleCredentials = GoogleCredentials
.fromStream(new FileInputStream(jsonKeyFile))
.createScoped(DocumentUnderstandingServiceSettings.getDefaultServiceScopes());
DocumentUnderstandingServiceClient client = DocumentUnderstandingServiceClient.create(
DocumentUnderstandingServiceSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(googleCredentials))
.build()
);
The DocumentUnderstandingServiceSettings.getDefaultServiceScopes() returns a static variable that contains the same scopes that are used by the environment variable loading method which in turn enables usage of DocumentAI with the manually created GoogleCredentials.