https://github.com/googleapis/google-api-java-client/blob/main/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java#L231
In #1661, Utils.getDefaultJsonFactory() was changed to use the GsonFactory. Gson, in part because of an underspecification of thrown exceptions googleapis/google-http-java-client#1353, will throw IllegalArgumentException instead of IOException when it gets invalid data (or even valid data that it cannot coerce into the Java class's members; e.g., 34.0 cannot be treated as an int).
Mutating the exception thrown by a JsonFactory is mildly problematic, but auth failures are such a crucial problem domain, having these types of errors escape their handlers seems more significant.
Thus, unless the JsonParser spec is updated and the GsonParser amended to abide by that spec, I would like to suggest a local workaround to reduce the likelihood of problems here by wrapping the call to parseAndClose and catch IllegalArgumentException, rethrowing it as an IOException.
Environment details
- API: Auth (or Core)
- OS type and version: 5.17.6-1rodete1-amd64
- Java version: OpenJDK Runtime Environment (build 11.0.13+8-google-release-451398016) OpenJDK 64-Bit Server VM (build 11.0.13+8-google-release-451398016, mixed mode, sharing)
- version(s): ~head (with local patches)
Steps to reproduce
- Create a bogus credential
InputStream, e.g., from a string like "Invalid JSON"
- Call
GoogleCredential.fromStream(malformedInputStream) on said stream
Stack trace
Caused by: java.lang.IllegalArgumentException: expected primitive class, but got: class com.google.api.client.json.GenericJson
at com.google.api.client.util.Data.parsePrimitiveValue(Data.java:467)
at com.google.api.client.json.JsonParser.parseValue(JsonParser.java:870)
at com.google.api.client.json.JsonParser.parse(JsonParser.java:361)
at com.google.api.client.json.JsonParser.parse(JsonParser.java:336)
at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:79)
at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:73)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.fromStream(GoogleCredential.java:250)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.fromStream(GoogleCredential.java:226)
External references such as API reference guides
https://github.com/googleapis/google-api-java-client/blob/main/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java#L231
In #1661,
Utils.getDefaultJsonFactory()was changed to use theGsonFactory.Gson, in part because of an underspecification of thrown exceptions googleapis/google-http-java-client#1353, will throwIllegalArgumentExceptioninstead ofIOExceptionwhen it gets invalid data (or even valid data that it cannot coerce into the Java class's members; e.g.,34.0cannot be treated as anint).Mutating the exception thrown by a
JsonFactoryis mildly problematic, but auth failures are such a crucial problem domain, having these types of errors escape their handlers seems more significant.Thus, unless the
JsonParserspec is updated and theGsonParseramended to abide by that spec, I would like to suggest a local workaround to reduce the likelihood of problems here by wrapping the call toparseAndCloseand catchIllegalArgumentException, rethrowing it as anIOException.Environment details
Steps to reproduce
InputStream, e.g., from a string like"Invalid JSON"GoogleCredential.fromStream(malformedInputStream)on said streamStack trace
External references such as API reference guides