Paukdcn Paukdcn - 2 months ago 49
Android Question

Cloud Speech API return code=UNAUTHENTICATED, cause =java.io.IOException: Error getting access token for service account:

I use Google Cloud Speech API(StreamingRecognize via gRPC) for speech recognizing in my app. I got the problem with authenticate on Android devices API level < 23.

V/NativeCrypto: SSL handshake aborted: ssl=0x5b0ed2d0: Failure in SSL library, usually a protocol error
error:10000095:SSL routines:OPENSSL_internal:ERROR_PARSING_EXTENSION (third_party/openssl/boringssl/src/ssl/t1_lib.c:2336 0x5b0fcd50:0x00000001)
error:100000be:SSL routines:OPENSSL_internal:PARSE_TLSEXT (third_party/openssl/boringssl/src/ssl/handshake_client.c:893 0x5aca7d31:0x00000000)

V/NativeCrypto: SSL shutdown failed: ssl=0x5b0ed2d0: Failure in SSL library, usually a protocol error
error:100000fa:SSL routines:OPENSSL_internal:SHUTDOWN_WHILE_IN_INIT (third_party/openssl/boringssl/src/ssl/ssl_lib.c:703 0x5aca7d31:0x00000000)

V/NativeCrypto: SSL handshake aborted: ssl=0x58523fb8: Failure in SSL library, usually a protocol error
error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION (third_party/openssl/boringssl/src/ssl/tls_record.c:469 0x5b258bd8:0x00000001)

V/NativeCrypto: SSL shutdown failed: ssl=0x58523fb8: Failure in SSL library, usually a protocol error
error:100000fa:SSL routines:OPENSSL_internal:SHUTDOWN_WHILE_IN_INIT (third_party/openssl/boringssl/src/ssl/ssl_lib.c:703 0x5aca7d31:0x00000000)

Status{code=UNAUTHENTICATED, description=null, cause=java.io.IOException: Error getting access token for service account: }


I don't get this error everytime, but only on specific case. I have two activity. Let's name A and B.

Activity A has a button, which starts Activity B.
Activity B communicates with Google Cloud Speech API and show results in TextView.

I get this error after following steps(on Samsung GT-P5110 (Android 4.2.2)):


  1. Start Activity A -> press Button to start Activity B.



// In first time everything is Okay. I receive result from server and show this.


  1. Close Activity B (press Back Button or call onBackPressed or finish).

  2. Press button to start Activity B.



// In this moment I get error, which was show above.

I get this error on Lenovo A1000 (API 5.0.1) and Xiaomi Mi4c (5.0.1) after:


  1. Start Activity A -> press Button to start Activity B.

  2. Close Activity B (press Back Button or call onBackPressed or finish).

  3. Press button to start Activity B.



// Everything is Okay


  1. Close Activity B (press Back Button or call onBackPressed or finish).

  2. Minimize app .

  3. After 5-6 or more minutes go back to Activity A.

  4. Start Activity B.



// In this moment I always get this error.

After restart application everything is Okay, but error appears after reopen Activity B.

Who knows how I can solve this problem?

I use Play Services Dynamic Security Provider (It is required for gRPC).
I installed last version Google Play Services (9.6.83). It doesn't resolve the problem.

I create ManagedChannel by following code:

GoogleCredentials creds = GoogleCredentials.fromStream(credentials);
creds = creds.createScoped(OAUTH2_SCOPES);
OkHttpChannelProvider provider = new OkHttpChannelProvider();
OkHttpChannelBuilder builder = provider.builderForAddress(host, port);
ManagedChannel channel = builder.intercept(new ClientAuthInterceptor(creds, Executors
.newSingleThreadExecutor
()))
.build();

private static final List<String> OAUTH2_SCOPES =
Arrays.asList("https://www.googleapis.com/auth/cloud-platform");


Create SpeechGrpc.SpeechStub :

SpeechGrpc.SpeechStub mSpeechClient = SpeechGrpc.newStub(channel);


build.gradle (Module: app)

apply plugin: 'com.android.application'
apply plugin: 'com.google.protobuf'

protobuf {
protoc {
artifact = 'com.google.protobuf:protoc:3.0.0'
}
plugins {
javalite {
artifact = "com.google.protobuf:protoc-gen-javalite:3.0.0"
}
grpc {
artifact = 'io.grpc:protoc-gen-grpc-java:1.0.1'
}
}
generateProtoTasks {
all().each { task ->
task.plugins {
javalite {}
grpc {
// Options added to --grpc_out
option 'lite'
}
}
}

}
}
android {
compileSdkVersion 24
buildToolsVersion "24.0.2"

dexOptions {
javaMaxHeapSize "2048M"
}

defaultConfig {
applicationId "someAppID"
minSdkVersion 15
targetSdkVersion 24
versionCode 1
versionName "1.0.10"
multiDexEnabled true
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}

def grpcVersion = '1.0.1'

dependencies {
compile fileTree(include: ['*.jar'], dir: 'libs')
testCompile 'junit:junit:4.12'
compile 'com.android.support:multidex:1.0.1'
compile 'com.android.support:appcompat-v7:24.2.1'
compile 'javax.annotation:javax.annotation-api:1.2'
compile 'com.google.android.gms:play-services:9.6.0'
compile "io.grpc:grpc-okhttp:${grpcVersion}"
compile "io.grpc:grpc-protobuf:${grpcVersion}"
compile "io.grpc:grpc-stub:${grpcVersion}"
compile "io.grpc:grpc-auth:${grpcVersion}"
compile ('com.google.auth:google-auth-library-oauth2-http:0.3.0'){
exclude module: 'httpclient'
}
compile 'com.squareup.retrofit2:retrofit:2.1.0'
compile 'com.squareup.retrofit2:converter-gson:2.1.0'
compile 'com.itextpdf:itextg:5.5.9'
compile 'com.android.support:recyclerview-v7:24.2.1'
}


build.gradle (Project)

buildscript {
repositories {
jcenter()
}
dependencies {
classpath 'com.android.tools.build:gradle:2.2.0'
classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.0'

// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
}
}
allprojects {
repositories {
// mavenLocal()
jcenter()
}
}

task clean(type: Delete) {
delete rootProject.buildDir
}


thank you for your time :)

Answer

I reported this issue in the forum.

The problem occurs because you are embedding your Service Account credentials in the application. After a period of time, when the token that is created is internally refreshed, the error is thrown from:

com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken link

In production, you will supply the access token from your server and therefore be able to instantiate the GoogleCredentials as so:

    final GoogleCredentials googleCredentials = new GoogleCredentials(accessToken) {
        @Override
        public AccessToken refreshAccessToken() throws IOException {
            return accessToken;
        }
    }.createScoped(OAUTH2_SCOPES);

This will prevent the error from being thrown.