Skip to content
Forums
Forums
How To
Error "secretOrPriv...
 
Notifications
Clear all

Error "secretOrPrivateKey must be an asymmetric key when using RS256" with Google Service Account Credential in callin.io

 
How To
Last Post by Jon 3 weeks ago
8 Posts
6 Users
0 Reactions
6 Views
RSS
ALEJANDRO_BERROJO
 ALEJANDRO_BERROJO
(@alejandro_berrojo)
Posts: 1
New Member
Topic starter
 

I'm running into a problem when attempting to configure a Google Service Account credential in callin.io to interface with Google Document AI. My callin.io version is 1.86 (installed approximately two weeks ago, around mid-April 2025), and I'm consistently receiving the following error upon saving the credential:

“Couldn’t connect with these settings: secretOrPrivateKey must be an asymmetric key when using RS256”

What I'm Trying to Achieve

My goal is to utilize the Google Document AI API for document processing through an HTTP Request node within callin.io. For this, I need to authenticate using a Google Service Account credential.

Details of My Setup

  • callin.io Version: 1.86 (recently installed, around mid-April 2025).
  • Credential Type: Google Service Account.
  • Google Cloud Configuration:
    • Billing is enabled for the project.
    • The Document AI API is enabled.
    • The service account has been granted the Document AI Admin role.
  • HTTP Request Node:
    • Method: POST
    • Body: Transmitting a document in base64 format (e.g., {"rawDocument": {"content": "...", "mimeType": "application/pdf"}}).

What I've Attempted

  1. Using the Full JSON Key:

    • I downloaded the JSON key file from Google Cloud and pasted its entire content into the 'Private Key' field of the Google Service Account credential in callin.io.
    • Example of the JSON structure (redacted for security):
      json
      {
      "type": "service_account",
      "project_id": "[REDACTED]",
      "private_key_id": "[REDACTED]",
      "private_key": "-----BEGIN PRIVATE KEY-----n[REDACTED]n-----END PRIVATE KEY-----n",
      "client_email": "[REDACTED]",
      ...
      }
    • I double-checked to ensure there were no extraneous spaces or formatting errors.
    • Result: The error “secretOrPrivateKey must be an asymmetric key when using RS256” persists.

  2. Using Only the private_key Content:

    • I isolated just the private_key value from the JSON and pasted it into the 'Private Key' field, making sure to maintain the correct formatting with line breaks:
      json
      -----BEGIN PRIVATE KEY-----
      [REDACTED]
      -----END PRIVATE KEY-----
    • Result: The same error is encountered.

  3. Generating a New JSON Key:

    • I created a new JSON key for the service account within Google Cloud and attempted to use it (both the complete JSON and the private_key alone).
    • Result: The error remains unchanged.

  4. Verifying Google Cloud Setup:

    • Confirmed that billing is enabled.
    • Confirmed that the Document AI API is enabled.
    • Confirmed that the service account possesses the Document AI Admin role.

  5. Workaround with Manual Authentication:

    • As a temporary measure, I generated an access token using gcloud:
      bash
      gcloud auth activate-service-account [REDACTED] --key-file=/path/to/service-account.json
      gcloud auth print-access-token
    • I then utilized this token in the HTTP Request node, configuring Header Auth with Authorization: Bearer [TOKEN]. This method successfully allowed calls to the Document AI API.
    • However, this approach is not ideal due to the token's hourly expiration, and I require a more permanent solution using Google Service Account credentials.

Additional Information

  • I am using callin.io version 1.86, which I believe is a recent release (installed around mid-April 2025).
  • I've observed similar issues reported for older callin.io versions, and I had anticipated this would be resolved in version 1.86.
  • I also have a functional Google OAuth2 API credential for Document AI, but it necessitates daily reauthorization, making it unsuitable for automated processes.

Questions

  1. Is this a recognized issue with Google Service Account credentials in callin.io version 1.86?
  2. Could I be misconfiguring the credential? Should I be entering the full JSON, only the private_key, or a different format?
  3. Are there any alternative workarounds (besides manual token generation) for using Google Service Account credentials with Document AI in callin.io?
  4. Would it be advisable to try a different callin.io version, such as downgrading to 1.85 or waiting for a future release?

Any assistance would be greatly appreciated! I need to get this integration working for an automated workflow with Document AI.

 
Posted : 02/05/2025 5:19 pm
Dendi_Pradigta
 Dendi_Pradigta
(@dendi_pradigta)
Posts: 1
New Member
 

Yes, I'm encountering the exact same error. Is there a known solution for this?

 
Posted : 05/06/2025 8:51 pm
alxrmmv
 alxrmmv
(@alxrmmv)
Posts: 1
New Member
 

I'm encountering the same problem.

 
Posted : 20/06/2025 12:12 pm
Hector_Alonso
 Hector_Alonso
(@hector_alonso)
Posts: 1
New Member
 

Tengo el mismo problema. Algún admin que nos ayude?

 
Posted : 10/07/2025 11:22 pm
ricardo.moreira
 ricardo.moreira
(@ricardo-moreira)
Posts: 2
New Member
 

Hello everyone, I noticed there haven't been any responses to this issue, so I'm posting again to bring it to the top.

We are currently using callin.io Version 1.101.1. We have a Google Service Account credential set up, and it functions correctly with the standard Google Chat node. However, we need the capability to create new spaces and reply within threads to specific messages. The existing callin.io nodes do not support this functionality. Therefore, we are attempting to use the HTTP Request node. The problem we're encountering is that when we use the Google Service Account credentials to make the request, we receive the error: secretOrPrivateKey must be an asymmetric key when using RS256.

Given that Google Service Accounts rely on JWT encryption, I suspect that the HTTP Request node isn't performing the necessary encryption because it only works within the dedicated Google nodes. Is this assumption correct?

image

image512×408 10.4 KB

Could anyone offer some guidance on how to achieve this?

Thank you for your time,
RicardoMoreira

 
Posted : 11/07/2025 10:37 am
Jon
 Jon
(@jon)
Posts: 96
Trusted Member
 

When utilizing a service account with our standard Google nodes, I input the following:

-----BEGIN PRIVATE KEY-----
[REDACTED]
-----END PRIVATE KEY-----

The subsequent action is to enable the option for its use within the HTTP request node. Once this is configured, you can simply select it in the node. No additional authentication headers should be necessary, as callin.io will manage them automatically.

My credential is configured as follows, and I receive a confirmation indicating a successful connection:

image

image1249×791 66.5 KB

When attempting to call a straightforward API, such as listing files in Google Drive, I encounter the following:

image

image1298×612 73.8 KB

 
Posted : 16/07/2025 11:40 am
ricardo.moreira
 ricardo.moreira
(@ricardo-moreira)
Posts: 2
New Member
 

Thanks for the reply!

Did you remove the n from the private key?

There seems to be an issue on my end because when I click "Save", the status changes to "Testing", but I never see the green confirmation box.

The credential functions correctly with Google nodes but not with HTTP Request nodes.

 
Posted : 16/07/2025 12:52 pm
Jon
 Jon
(@jon)
Posts: 96
Trusted Member
 

Hello,

I've left the n within the key.

 
Posted : 16/07/2025 7:31 pm
Forum Jump:
  Previous Topic
Next Topic  
Share: