googleauth 0.17.1 → 1.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +112 -62
- data/README.md +49 -14
- data/lib/googleauth/application_default.rb +11 -26
- data/lib/googleauth/base_client.rb +80 -0
- data/lib/googleauth/client_id.rb +10 -25
- data/lib/googleauth/compute_engine.rb +10 -25
- data/lib/googleauth/credentials.rb +12 -27
- data/lib/googleauth/credentials_loader.rb +27 -43
- data/lib/googleauth/default_credentials.rb +15 -25
- data/lib/googleauth/external_account/aws_credentials.rb +378 -0
- data/lib/googleauth/external_account/base_credentials.rb +158 -0
- data/lib/googleauth/external_account/external_account_utils.rb +103 -0
- data/lib/googleauth/external_account/identity_pool_credentials.rb +118 -0
- data/lib/googleauth/external_account/pluggable_credentials.rb +156 -0
- data/lib/googleauth/external_account.rb +93 -0
- data/lib/googleauth/helpers/connection.rb +35 -0
- data/lib/googleauth/iam.rb +10 -25
- data/lib/googleauth/id_tokens/errors.rb +9 -23
- data/lib/googleauth/id_tokens/key_sources.rb +19 -33
- data/lib/googleauth/id_tokens/verifier.rb +9 -23
- data/lib/googleauth/id_tokens.rb +11 -25
- data/lib/googleauth/json_key_reader.rb +10 -25
- data/lib/googleauth/oauth2/sts_client.rb +109 -0
- data/lib/googleauth/scope_util.rb +10 -25
- data/lib/googleauth/service_account.rb +11 -28
- data/lib/googleauth/signet.rb +16 -58
- data/lib/googleauth/stores/file_token_store.rb +10 -25
- data/lib/googleauth/stores/redis_token_store.rb +10 -25
- data/lib/googleauth/token_store.rb +10 -25
- data/lib/googleauth/user_authorizer.rb +10 -25
- data/lib/googleauth/user_refresh.rb +15 -27
- data/lib/googleauth/version.rb +11 -26
- data/lib/googleauth/web_user_authorizer.rb +10 -25
- data/lib/googleauth.rb +10 -25
- metadata +26 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5437d56e0c86ce235d37a202af1a28219a9caeb0bc0f8abac5540cc1d73edf28
|
4
|
+
data.tar.gz: f56369065e2abc56fb51abccc5003264f8c9ef3e745c202e06e5cb4c6b083d84
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f350fb9178517f4782c1dcf08804f5b0ec6bb12ed6dd460ff9c7a875b5929146bf357d797a52cb976878ef25ca8e3439d90b41dfb0e44fbf0b1cfcdf1109ec85
|
7
|
+
data.tar.gz: 5a1811530c2a2f5321937bdc90f157f7b55cf0b4c77c7c8f98e87474cfd22b06154987279003cefcb3f8cb400f690364078f9dd0302286f6cbd6d94afde826b3
|
data/CHANGELOG.md
CHANGED
@@ -1,85 +1,145 @@
|
|
1
1
|
# Release History
|
2
2
|
|
3
|
-
###
|
3
|
+
### 1.7.0 (2023-07-14)
|
4
4
|
|
5
|
-
|
5
|
+
#### Features
|
6
6
|
|
7
|
-
*
|
7
|
+
* Adding support for pluggable auth credentials ([#437](https://github.com/googleapis/google-auth-library-ruby/issues/437))
|
8
|
+
#### Documentation
|
8
9
|
|
9
|
-
|
10
|
+
* fixed iss argument and description in comments of IDTokens ([#438](https://github.com/googleapis/google-auth-library-ruby/issues/438))
|
10
11
|
|
12
|
+
### 1.6.0 (2023-06-20)
|
11
13
|
|
12
|
-
|
14
|
+
#### Features
|
13
15
|
|
14
|
-
*
|
16
|
+
* adding identity pool credentials ([#433](https://github.com/googleapis/google-auth-library-ruby/issues/433))
|
17
|
+
#### Documentation
|
15
18
|
|
16
|
-
|
19
|
+
* deprecation message for discontinuing command line auth flow ([#435](https://github.com/googleapis/google-auth-library-ruby/issues/435))
|
17
20
|
|
21
|
+
### 1.5.2 (2023-04-13)
|
18
22
|
|
19
|
-
|
23
|
+
#### Bug Fixes
|
20
24
|
|
21
|
-
*
|
25
|
+
* AWS IMDSV2 session token fetching shall call PUT method instead of GET ([#429](https://github.com/googleapis/google-auth-library-ruby/issues/429))
|
26
|
+
* GCECredentials - Allow retrieval of ID token ([#425](https://github.com/googleapis/google-auth-library-ruby/issues/425))
|
22
27
|
|
23
|
-
###
|
28
|
+
### 1.5.1 (2023-04-10)
|
24
29
|
|
30
|
+
#### Bug Fixes
|
25
31
|
|
26
|
-
|
32
|
+
* Remove external account config validation ([#427](https://github.com/googleapis/google-auth-library-ruby/issues/427))
|
27
33
|
|
28
|
-
|
34
|
+
### 1.5.0 (2023-03-21)
|
29
35
|
|
30
|
-
|
36
|
+
#### Features
|
31
37
|
|
38
|
+
* Add support for AWS Workload Identity Federation ([#418](https://github.com/googleapis/google-auth-library-ruby/issues/418))
|
32
39
|
|
33
|
-
###
|
40
|
+
### 1.4.0 (2022-12-14)
|
34
41
|
|
35
|
-
|
42
|
+
#### Features
|
36
43
|
|
37
|
-
|
44
|
+
* make new_jwt_token public in order to fetch raw token directly ([#405](https://github.com/googleapis/google-auth-library-ruby/issues/405))
|
38
45
|
|
46
|
+
### 1.3.0 (2022-10-18)
|
39
47
|
|
40
|
-
|
48
|
+
#### Features
|
41
49
|
|
42
|
-
*
|
50
|
+
* Use OpenSSL 3.0 compatible interfaces for IDTokens ([#397](https://github.com/googleapis/google-auth-library-ruby/issues/397))
|
43
51
|
|
44
|
-
|
52
|
+
### 1.2.0 (2022-06-23)
|
45
53
|
|
54
|
+
* Updated minimum Ruby version to 2.6
|
46
55
|
|
47
|
-
###
|
56
|
+
### 1.1.3 (2022-04-20)
|
48
57
|
|
49
|
-
|
50
|
-
* Service accounts apply a self-signed JWT if scopes are marked as default ([d22acb8](https://www.github.com/googleapis/google-auth-library-ruby/commit/d22acb8a510e6711b5674545c31a4816e5a9168f))
|
58
|
+
#### Documentation
|
51
59
|
|
60
|
+
* Add README instructions for 3-Legged OAuth with a service account
|
52
61
|
|
53
|
-
###
|
62
|
+
### 1.1.2 (2022-02-22)
|
54
63
|
|
55
|
-
|
56
|
-
* Support correct service account and user refresh behavior for custom credential env variables ([d2dffe5](https://www.github.com/googleapis/google-auth-library-ruby/commit/d2dffe592112b45006291ad9a57f56e00fb208c3))
|
64
|
+
#### Bug Fixes
|
57
65
|
|
58
|
-
|
66
|
+
* Support Faraday 2
|
67
|
+
|
68
|
+
### 1.1.1 (2022-02-14)
|
69
|
+
|
70
|
+
#### Bug Fixes
|
71
|
+
|
72
|
+
* add quota_project to user refresh credentials
|
73
|
+
|
74
|
+
### 1.1.0 (2021-10-24)
|
75
|
+
|
76
|
+
#### Features
|
77
|
+
|
78
|
+
* Support short-lived tokens in Credentials
|
79
|
+
|
80
|
+
### 1.0.0 (2021-09-27)
|
81
|
+
|
82
|
+
Bumped version to 1.0.0. Releases from this point will follow semver.
|
83
|
+
|
84
|
+
* Allow dependency on future 1.x versions of signet
|
85
|
+
* Prevented gcloud from authenticating on the console when getting the gcloud project
|
86
|
+
|
87
|
+
### 0.17.1 (2021-09-01)
|
88
|
+
|
89
|
+
* Updates to gem metadata
|
90
|
+
|
91
|
+
### 0.17.0 (2021-07-30)
|
92
|
+
|
93
|
+
* Allow scopes to be self-signed into jwts
|
94
|
+
|
95
|
+
### 0.16.2 (2021-04-28)
|
96
|
+
|
97
|
+
* Stop attempting to get the project from gcloud when applying self-signed JWTs
|
98
|
+
|
99
|
+
### 0.16.1 (2021-04-01)
|
100
|
+
|
101
|
+
* Accept application/text content-type for plain idtoken response
|
102
|
+
|
103
|
+
### 0.16.0 (2021-03-04)
|
104
|
+
|
105
|
+
* Drop support for Ruby 2.4 and add support for Ruby 3.0
|
106
|
+
|
107
|
+
### 0.15.1 (2021-02-08)
|
108
|
+
|
109
|
+
* Fix crash when using a client credential without any paths or env_vars set
|
110
|
+
|
111
|
+
### 0.15.0 (2021-01-26)
|
112
|
+
|
113
|
+
* Credential parameters inherit from superclasses
|
114
|
+
* Service accounts apply a self-signed JWT if scopes are marked as default
|
115
|
+
* Retry fetch_access_token when GCE metadata server returns unexpected errors
|
116
|
+
* Support correct service account and user refresh behavior for custom credential env variables
|
117
|
+
|
118
|
+
### 0.14.0 / 2020-10-09
|
59
119
|
|
60
120
|
* Honor GCE_METADATA_HOST environment variable
|
61
121
|
* Fix errors in some environments when requesting an access token for multiple scopes
|
62
122
|
|
63
|
-
|
123
|
+
### 0.13.1 / 2020-07-30
|
64
124
|
|
65
125
|
* Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
|
66
126
|
|
67
|
-
|
127
|
+
### 0.13.0 / 2020-06-17
|
68
128
|
|
69
129
|
* Support for validating ID tokens.
|
70
130
|
* Fixed header application of ID tokens from service accounts.
|
71
131
|
|
72
|
-
|
132
|
+
### 0.12.0 / 2020-04-08
|
73
133
|
|
74
134
|
* Support for ID token credentials.
|
75
135
|
* Support reading quota_id_project from service account credentials.
|
76
136
|
|
77
|
-
|
137
|
+
### 0.11.0 / 2020-02-24
|
78
138
|
|
79
139
|
* Support Faraday 1.x.
|
80
140
|
* Allow special "postmessage" value for redirect_uri.
|
81
141
|
|
82
|
-
|
142
|
+
### 0.10.0 / 2019-10-09
|
83
143
|
|
84
144
|
Note: This release now requires Ruby 2.4 or later
|
85
145
|
|
@@ -89,7 +149,7 @@ Note: This release now requires Ruby 2.4 or later
|
|
89
149
|
* Set instance variables at initialization to avoid spamming warnings
|
90
150
|
* Pass "Metadata-Flavor" header to metadata server when checking for GCE
|
91
151
|
|
92
|
-
|
152
|
+
### 0.9.0 / 2019-08-05
|
93
153
|
|
94
154
|
* Restore compatibility with Ruby 2.0. This is the last release that will work on end-of-lifed versions of Ruby. The 0.10 release will require Ruby 2.4 or later.
|
95
155
|
* Update Credentials to use methods for values that are intended to be changed by users, replacing constants.
|
@@ -98,105 +158,95 @@ Note: This release now requires Ruby 2.4 or later
|
|
98
158
|
* Add verbosity none to gcloud command
|
99
159
|
* Make arity of WebUserAuthorizer#get_credentials compatible with the base class
|
100
160
|
|
101
|
-
|
161
|
+
### 0.8.1 / 2019-03-27
|
102
162
|
|
103
163
|
* Silence unnecessary gcloud warning
|
104
164
|
* Treat empty credentials environment variables as unset
|
105
165
|
|
106
|
-
|
166
|
+
### 0.8.0 / 2019-01-02
|
107
167
|
|
108
168
|
* Support connection options :default_connection and :connection_builder when creating credentials that need to refresh OAuth tokens. This lets clients provide connection objects with custom settings, such as proxies, needed for the client environment.
|
109
169
|
* Removed an unnecessary warning about project IDs.
|
110
170
|
|
111
|
-
|
171
|
+
### 0.7.1 / 2018-10-25
|
112
172
|
|
113
173
|
* Make load_gcloud_project_id module function.
|
114
174
|
|
115
|
-
|
175
|
+
### 0.7.0 / 2018-10-24
|
116
176
|
|
117
177
|
* Add project_id instance variable to UserRefreshCredentials, ServiceAccountCredentials, and Credentials.
|
118
178
|
|
119
|
-
|
179
|
+
### 0.6.7 / 2018-10-16
|
120
180
|
|
121
181
|
* Update memoist dependency to ~> 0.16.
|
122
182
|
|
123
|
-
|
183
|
+
### 0.6.6 / 2018-08-22
|
124
184
|
|
125
185
|
* Remove ruby version warnings.
|
126
186
|
|
127
|
-
|
187
|
+
### 0.6.5 / 2018-08-16
|
128
188
|
|
129
189
|
* Fix incorrect http verb when revoking credentials.
|
130
190
|
* Warn on EOL ruby versions.
|
131
191
|
|
132
|
-
|
192
|
+
### 0.6.4 / 2018-08-03
|
133
193
|
|
134
194
|
* Resolve issue where DefaultCredentials constant was undefined.
|
135
195
|
|
136
|
-
|
196
|
+
### 0.6.3 / 2018-08-02
|
137
197
|
|
138
198
|
* Resolve issue where token_store was being written to twice
|
139
199
|
|
140
|
-
|
200
|
+
### 0.6.2 / 2018-08-01
|
141
201
|
|
142
202
|
* Add warning when using cloud sdk credentials
|
143
203
|
|
144
|
-
|
204
|
+
### 0.6.1 / 2017-10-18
|
145
205
|
|
146
206
|
* Fix file permissions
|
147
207
|
|
148
|
-
|
208
|
+
### 0.6.0 / 2017-10-17
|
149
209
|
|
150
210
|
* Support ruby-jwt 2.0
|
151
211
|
* Add simple credentials class
|
152
212
|
|
153
|
-
|
213
|
+
### 0.5.3 / 2017-07-21
|
154
214
|
|
155
215
|
* Fix file permissions on the gem's `.rb` files.
|
156
216
|
|
157
|
-
|
217
|
+
### 0.5.2 / 2017-07-19
|
158
218
|
|
159
219
|
* Add retry mechanism when fetching access tokens in `GCECredentials` and `UserRefreshCredentials` classes.
|
160
220
|
* Update Google API OAuth2 token credential URI to v4.
|
161
221
|
|
162
|
-
|
222
|
+
### 0.5.1 / 2016-01-06
|
163
223
|
|
164
224
|
* Change header name emitted by `Client#apply` from "Authorization" to "authorization" ([@murgatroid99][])
|
165
225
|
* Fix ADC not working on some windows machines ([@vsubramani][])
|
166
|
-
[#55](https://github.com/google/google-auth-library-ruby/issues/55)
|
167
226
|
|
168
|
-
|
227
|
+
### 0.5.0 / 2015-10-12
|
169
228
|
|
170
229
|
* Initial support for user credentials ([@sqrrrl][])
|
171
230
|
* Update Signet to 0.7
|
172
231
|
|
173
|
-
|
232
|
+
### 0.4.2 / 2015-08-05
|
174
233
|
|
175
234
|
* Updated UserRefreshCredentials hash to use string keys ([@haabaato][])
|
176
|
-
[#36](https://github.com/google/google-auth-library-ruby/issues/36)
|
177
|
-
|
178
235
|
* Add support for a system default credentials file. ([@mr-salty][])
|
179
|
-
[#33](https://github.com/google/google-auth-library-ruby/issues/33)
|
180
|
-
|
181
236
|
* Fix bug when loading credentials from ENV ([@dwilkie][])
|
182
|
-
[#31](https://github.com/google/google-auth-library-ruby/issues/31)
|
183
|
-
|
184
237
|
* Relax the constraint of dependent version of multi_json ([@igrep][])
|
185
|
-
[#30](https://github.com/google/google-auth-library-ruby/issues/30)
|
186
|
-
|
187
238
|
* Enables passing credentials via environment variables. ([@haabaato][])
|
188
|
-
[#27](https://github.com/google/google-auth-library-ruby/issues/27)
|
189
239
|
|
190
|
-
|
240
|
+
### 0.4.1 / 2015-04-25
|
191
241
|
|
192
242
|
* Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
|
193
243
|
* Refactoring and cleanup ([@joneslee85][])
|
194
244
|
|
195
|
-
|
245
|
+
### 0.4.0 / 2015-03-25
|
196
246
|
|
197
247
|
* Adds an implementation of JWT header auth ([@tbetbetbe][])
|
198
248
|
|
199
|
-
|
249
|
+
### 0.3.0 / 2015-03-23
|
200
250
|
|
201
251
|
* makes the scope parameter's optional in all APIs. ([@tbetbetbe][])
|
202
252
|
* changes the scope parameter's position in various constructors. ([@tbetbetbe][])
|
data/README.md
CHANGED
@@ -14,11 +14,6 @@
|
|
14
14
|
This is Google's officially supported ruby client library for using OAuth 2.0
|
15
15
|
authorization and authentication with Google APIs.
|
16
16
|
|
17
|
-
## Alpha
|
18
|
-
|
19
|
-
This library is in Alpha. We will make an effort to support the library, but
|
20
|
-
we reserve the right to make incompatible changes when necessary.
|
21
|
-
|
22
17
|
## Install
|
23
18
|
|
24
19
|
Be sure `https://rubygems.org/` is in your gem sources.
|
@@ -102,7 +97,9 @@ get('/oauth2callback') do
|
|
102
97
|
end
|
103
98
|
```
|
104
99
|
|
105
|
-
### Example (Command Line)
|
100
|
+
### Example (Command Line) [Deprecated]
|
101
|
+
|
102
|
+
The Google Auth OOB flow has been discontiued on January 31, 2023. The OOB flow is a legacy flow that is no longer considered secure. To continue using Google Auth, please migrate your applications to a more secure flow. For more information on how to do this, please refer to this [OOB Migration](https://developers.google.com/identity/protocols/oauth2/resources/oob-migration) guide.
|
106
103
|
|
107
104
|
```ruby
|
108
105
|
require 'googleauth'
|
@@ -116,6 +113,7 @@ token_store = Google::Auth::Stores::FileTokenStore.new(
|
|
116
113
|
:file => '/path/to/tokens.yaml')
|
117
114
|
authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)
|
118
115
|
|
116
|
+
user_id = ENV['USER']
|
119
117
|
credentials = authorizer.get_credentials(user_id)
|
120
118
|
if credentials.nil?
|
121
119
|
url = authorizer.get_authorization_url(base_url: OOB_URI )
|
@@ -140,6 +138,43 @@ authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
|
|
140
138
|
authorizer.fetch_access_token!
|
141
139
|
```
|
142
140
|
|
141
|
+
You can also use a JSON keyfile by setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
|
142
|
+
|
143
|
+
```bash
|
144
|
+
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service_account_json_key.json
|
145
|
+
```
|
146
|
+
|
147
|
+
```ruby
|
148
|
+
require 'googleauth'
|
149
|
+
require 'google/apis/drive_v3'
|
150
|
+
|
151
|
+
Drive = ::Google::Apis::DriveV3
|
152
|
+
drive = Drive::DriveService.new
|
153
|
+
|
154
|
+
scope = 'https://www.googleapis.com/auth/drive'
|
155
|
+
|
156
|
+
authorizer = Google::Auth::ServiceAccountCredentials.from_env(scope: scope)
|
157
|
+
drive.authorization = authorizer
|
158
|
+
|
159
|
+
list_files = drive.list_files()
|
160
|
+
```
|
161
|
+
|
162
|
+
### 3-Legged OAuth with a Service Account
|
163
|
+
|
164
|
+
This is similar to regular service account authorization (see [this answer](https://support.google.com/a/answer/2538798?hl=en) for more details on the differences), but you'll need to indicate which user your service account is impersonating by manually updating the `sub` field.
|
165
|
+
|
166
|
+
```ruby
|
167
|
+
scope = 'https://www.googleapis.com/auth/androidpublisher'
|
168
|
+
|
169
|
+
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
|
170
|
+
json_key_io: File.open('/path/to/service_account_json_key.json'),
|
171
|
+
scope: scope
|
172
|
+
)
|
173
|
+
authorizer.update!(sub: "email-to-impersonate@your-domain.com")
|
174
|
+
|
175
|
+
authorizer.fetch_access_token!
|
176
|
+
```
|
177
|
+
|
143
178
|
### Example (Environment Variables)
|
144
179
|
|
145
180
|
```bash
|
@@ -182,14 +217,14 @@ Custom storage implementations can also be used. See
|
|
182
217
|
|
183
218
|
## Supported Ruby Versions
|
184
219
|
|
185
|
-
This library is supported on Ruby 2.
|
220
|
+
This library is supported on Ruby 2.6+.
|
186
221
|
|
187
222
|
Google provides official support for Ruby versions that are actively supported
|
188
|
-
by Ruby Core—that is, Ruby versions that are either in normal maintenance or
|
189
|
-
security maintenance, and not end of life.
|
190
|
-
|
191
|
-
|
192
|
-
|
223
|
+
by Ruby Core—that is, Ruby versions that are either in normal maintenance or
|
224
|
+
in security maintenance, and not end of life. Older versions of Ruby _may_
|
225
|
+
still work, but are unsupported and not recommended. See
|
226
|
+
https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
|
227
|
+
support schedule.
|
193
228
|
|
194
229
|
## License
|
195
230
|
|
@@ -209,5 +244,5 @@ hesitate to
|
|
209
244
|
about the client or APIs on [StackOverflow](http://stackoverflow.com).
|
210
245
|
|
211
246
|
[application default credentials]: https://developers.google.com/accounts/docs/application-default-credentials
|
212
|
-
[contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/
|
213
|
-
[license]: https://github.com/googleapis/google-auth-library-ruby/tree/
|
247
|
+
[contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/main/.github/CONTRIBUTING.md
|
248
|
+
[license]: https://github.com/googleapis/google-auth-library-ruby/tree/main/LICENSE
|
@@ -1,31 +1,16 @@
|
|
1
|
-
# Copyright 2015
|
2
|
-
# All rights reserved.
|
1
|
+
# Copyright 2015 Google, Inc.
|
3
2
|
#
|
4
|
-
#
|
5
|
-
#
|
6
|
-
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
7
6
|
#
|
8
|
-
#
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
17
8
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
29
14
|
|
30
15
|
require "googleauth/compute_engine"
|
31
16
|
require "googleauth/default_credentials"
|
@@ -75,7 +60,7 @@ module Google
|
|
75
60
|
GCECredentials.unmemoize_all
|
76
61
|
raise NOT_FOUND_ERROR
|
77
62
|
end
|
78
|
-
GCECredentials.new scope: scope
|
63
|
+
GCECredentials.new options.merge(scope: scope)
|
79
64
|
end
|
80
65
|
end
|
81
66
|
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# Copyright 2023 Google, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module Google
|
16
|
+
# Module Auth provides classes that provide Google-specific authorization
|
17
|
+
# used to access Google APIs.
|
18
|
+
module Auth
|
19
|
+
# BaseClient is a class used to contain common methods that are required by any
|
20
|
+
# Credentials Client, including AwsCredentials, ServiceAccountCredentials,
|
21
|
+
# and UserRefreshCredentials. This is a superclass of Signet::OAuth2::Client
|
22
|
+
# and has been created to create a generic interface for all credentials clients
|
23
|
+
# to use, including ones which do not inherit from Signet::OAuth2::Client.
|
24
|
+
module BaseClient
|
25
|
+
AUTH_METADATA_KEY = :authorization
|
26
|
+
|
27
|
+
# Updates a_hash updated with the authentication token
|
28
|
+
def apply! a_hash, opts = {}
|
29
|
+
# fetch the access token there is currently not one, or if the client
|
30
|
+
# has expired
|
31
|
+
fetch_access_token! opts if needs_access_token?
|
32
|
+
a_hash[AUTH_METADATA_KEY] = "Bearer #{send token_type}"
|
33
|
+
end
|
34
|
+
|
35
|
+
# Returns a clone of a_hash updated with the authentication token
|
36
|
+
def apply a_hash, opts = {}
|
37
|
+
a_copy = a_hash.clone
|
38
|
+
apply! a_copy, opts
|
39
|
+
a_copy
|
40
|
+
end
|
41
|
+
|
42
|
+
# Whether the id_token or access_token is missing or about to expire.
|
43
|
+
def needs_access_token?
|
44
|
+
send(token_type).nil? || expires_within?(60)
|
45
|
+
end
|
46
|
+
|
47
|
+
# Returns a reference to the #apply method, suitable for passing as
|
48
|
+
# a closure
|
49
|
+
def updater_proc
|
50
|
+
proc { |a_hash, opts = {}| apply a_hash, opts }
|
51
|
+
end
|
52
|
+
|
53
|
+
def on_refresh &block
|
54
|
+
@refresh_listeners = [] unless defined? @refresh_listeners
|
55
|
+
@refresh_listeners << block
|
56
|
+
end
|
57
|
+
|
58
|
+
def notify_refresh_listeners
|
59
|
+
listeners = defined?(@refresh_listeners) ? @refresh_listeners : []
|
60
|
+
listeners.each do |block|
|
61
|
+
block.call self
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def expires_within?
|
66
|
+
raise NotImplementedError
|
67
|
+
end
|
68
|
+
|
69
|
+
private
|
70
|
+
|
71
|
+
def token_type
|
72
|
+
raise NotImplementedError
|
73
|
+
end
|
74
|
+
|
75
|
+
def fetch_access_token!
|
76
|
+
raise NotImplementedError
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
data/lib/googleauth/client_id.rb
CHANGED
@@ -1,31 +1,16 @@
|
|
1
|
-
# Copyright 2014
|
2
|
-
# All rights reserved.
|
1
|
+
# Copyright 2014 Google, Inc.
|
3
2
|
#
|
4
|
-
#
|
5
|
-
#
|
6
|
-
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
7
6
|
#
|
8
|
-
#
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
17
8
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
29
14
|
|
30
15
|
require "multi_json"
|
31
16
|
require "googleauth/credentials_loader"
|
@@ -1,31 +1,16 @@
|
|
1
|
-
# Copyright 2015
|
2
|
-
# All rights reserved.
|
1
|
+
# Copyright 2015 Google, Inc.
|
3
2
|
#
|
4
|
-
#
|
5
|
-
#
|
6
|
-
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
7
6
|
#
|
8
|
-
#
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
17
8
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
29
14
|
|
30
15
|
require "faraday"
|
31
16
|
require "googleauth/signet"
|