fix: set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error (#439)
`auth.create_custom_token()` results in an error:
```
Failed to sign custom token. Error calling the IAM signBytes API:{ (...)
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"{\"bytesToSign\": \"...\"}\": Cannot bind query parameter. Field '{\"bytesToSign\": \"...\"}' could not be found in request message.",
"status": "INVALID_ARGUMENT",
"details": [
{
"@type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Invalid JSON payload received. Unknown name \"{\"bytesToSign\": \"...\"}\": Cannot bind query parameter. Field '{\"bytesToSign\": \"...\"}' could not be found in request message."
}
]
}
]
}
}
```
I have confirmed setting `'Content-Type': 'application/json'` header resolves the problem.
diff --git a/google/auth/iam.py b/google/auth/iam.py
index bd05004..d83b251 100644
--- a/google/auth/iam.py
+++ b/google/auth/iam.py
@@ -69,7 +69,7 @@
method = "POST"
url = _SIGN_BLOB_URI.format(self._service_account_email)
- headers = {}
+ headers = {"Content-Type": "application/json"}
body = json.dumps(
{"bytesToSign": base64.b64encode(message).decode("utf-8")}
).encode("utf-8")
diff --git a/tests/test_iam.py b/tests/test_iam.py
index 4367fe7..cb2c26f 100644
--- a/tests/test_iam.py
+++ b/tests/test_iam.py
@@ -89,6 +89,8 @@
returned_signature = signer.sign("123")
assert returned_signature == signature
+ kwargs = request.call_args.kwargs
+ assert kwargs["headers"]["Content-Type"] == "application/json"
def test_sign_bytes_failure(self):
request = make_request(http_client.UNAUTHORIZED)