3

I'm investigating the feasibility of using Google Wallet to store barcodes (for electronic prescriptions, if that matters) via the web/jwt interface.

https://codelabs.developers.google.com/add-to-wallet-web#0

After carefully following all instructions, including "Create a temporary issuer account and a sample class.", and inserting the issuerid and classid into the code (and the correct path to the key.json file) AND adding in the createPassAndToken ... it is failing with "403 Permission Denied" errors.

I can find no help about what might be causing this.

One possible issue is that the "Pass Class Id" returned in the temporary issuer account is in the form {$issuer_id}.{guid}, and internal code from the example app.js prepending the issuer_id as part of the request, leading me to believe that the class_id should be set only the the guid, but I've tried both ways and it hasn't made a difference.

As a minor irritation, all instructions assume a linux command line and I am using windows, but it's not that difficult to course correct.

Any help appreciated.

Robbie Matthews
  • 1,404
  • 14
  • 22

3 Answers3

7

You were on the right track. I got passed that step with the following changes:

  1. Remove the issuer_id from the class_id (as you described) that is shown in the "Google Wallet API Codelab Tools". It already adds the issuer_id to the class_id, which is completely misleading.

    The code should look like this:

    const issuerId = process.env.WALLET_ISSUER_ID ||  '338800....000000001';
const classId = process.env.WALLET_CLASS_ID || '71bba024-a024-a024-a024-a024da8f5771';

  2. The email address that you use to generate the temporary issuer account, has to be the same as the one that is created for the service account. In the codelab, that is

    wallet-codelab@$PROJECT_ID.iam.gserviceaccount.com.

CarHa
  • 1,148
  • 11
  • 31
1

One of the things the Codelab tutorial skips is adding the "Service Account" Email onto the Google Wallet Consoles authorized users.

  1. Find this email in your key.json file under the key client_email
  2. Copy the value from client_email and Add the email as an authorized user in the Google Wallet Console and Voila, this may solve the issue!
chrisjcarrillo
  • 11
  • 2
0

FWIW, it looks like the codelab example skips a few key steps, and I'm not convinced the temporary issuer id is still functioning. However, once I had access to a legitimate issuer Id (which is shown at the top of the Google Pay & Wallet Console) I was able to make progress. I believe the problem may be to do with linking the key.json file to those credentials.

Robbie Matthews
  • 1,404
  • 14
  • 22