oauth2client.client.AccessTokenRefreshError: invalid_grant Only in Docker

I have the same code with the same p12 file (checked md5 sums), same account_email, and same scope working on a number of computers, but not working in Docker containers on any of the working computers. My code snippet is as follows:

with open(self.pkcs12_file_path, 'rb') as f: key = f.read() scope = ['https://www.googleapis.com/auth/bigquery', 'https://www.googleapis.com/auth/cloud-platform'] credentials = SignedJwtAssertionCredentials(self.account_email, key, scope) http = httplib2.Http() self.http = credentials.authorize(self.http) service = discovery.build('bigquery', 'v2', http=self.http)

Whenever I try this inside of a Docker container, I get oauth2client.client.AccessTokenRefreshError: invalid_grant at the discovery.build line. I'm thinking it might have something to do with needing to expose ports, but have no idea which I'd need to expose, or if that's the actual problem. Anyone have any ideas?


This sounds like a clock issue. Google's OAuth access tokens are valid for one hour (Google refresh tokens are valid forever and you can use them to retrieve a new access token). Can you verify that the Docker container's clock is synced with the host machine (or set to your expected time zone?).

See: Will docker container auto sync time with the host machine?


  • BIGQUERY moving average with missing values
  • Genshi - how to print out all variables in scope
  • Google BigQuery: creating a view via Python google-cloud-bigquery version 0.27.0 vs. 0.28.0
  • accessing audio files from Google Cloud Storage when using Google Speech
  • BigQuery : is it possible to execute another query inside an UDF?
  • GAE Cloud Endpoints API Explorer stopped working
  • WOPI Host not called
  • Get Most Recent Column Value With Nested And Repeated Fields
  • Docker container for google cloudML on compute engine - authenticating for mounting bucket
  • Youtube upload API and cordova / phonegap
  • Sencha Touch 2.1 native (android) app not getting json from remote (it works on PC)
  • Django: DRY principle and UserPassesTestMixin
  • Consuming a web service with the Netbeans Platform
  • Cannot page through all results using nextPageToken on YouTube search API v3
  • ASP.NET windows authentication should always ask for credentials
  • Django return user model id with L
  • How to use Windows Media Foundation with UWP without a topology
  • Laravel: Getting Session ID oddly truncates when using foreach
  • Needing to do .toArray() to get output of mongodb .find() on key name not value
  • x64 applications using gdi+: what are the consequences on performance?
  • With Hadoop, can I create a tasktracker on a machine that isn't running a datanode?
  • VSO Build — Response status code does not indicate success: 404 (Not Found)
  • Exception “firebase.functions() takes … no argument …” when specifying a region for a Cloud Function
  • If I include Java 8 in my Android app does that affect which devices it will work on?
  • does jqgrid support a multiple checkbox list for editing
  • Optimizing database types to compact database (SQLite)
  • RectangularRangeIndicator format like triangular using dojo
  • How to redirect a user to a different server and include HTTP basic authentication credentials?
  • Cross-Platform Protobuf Serialization
  • Do I've to free mysql result after storing it?
  • Google cloud sdk not working when python points python3
  • Invalid access key error using credentials redeemed from an amazon open id token
  • InvalidAuthenticityToken between subdomains when logging in with Rails app
  • Revoking OAuth Access Token Results in 404 Not Found
  • SQL merge duplicate rows and join values that are different
  • Turn off referential integrity in Derby? is it possible?
  • LevelDB C iterator
  • Can't mass-assign protected attributes when import data from csv file
  • sending mail using smtp is too slow
  • XCode 8, some methods disappeared ? ex: layoutAttributesClass() -> AnyClass