googleauth 0.17.1 → 1.7.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (36) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +112 -62
  3. data/README.md +49 -14
  4. data/lib/googleauth/application_default.rb +11 -26
  5. data/lib/googleauth/base_client.rb +80 -0
  6. data/lib/googleauth/client_id.rb +10 -25
  7. data/lib/googleauth/compute_engine.rb +10 -25
  8. data/lib/googleauth/credentials.rb +12 -27
  9. data/lib/googleauth/credentials_loader.rb +27 -43
  10. data/lib/googleauth/default_credentials.rb +15 -25
  11. data/lib/googleauth/external_account/aws_credentials.rb +378 -0
  12. data/lib/googleauth/external_account/base_credentials.rb +158 -0
  13. data/lib/googleauth/external_account/external_account_utils.rb +103 -0
  14. data/lib/googleauth/external_account/identity_pool_credentials.rb +118 -0
  15. data/lib/googleauth/external_account/pluggable_credentials.rb +156 -0
  16. data/lib/googleauth/external_account.rb +93 -0
  17. data/lib/googleauth/helpers/connection.rb +35 -0
  18. data/lib/googleauth/iam.rb +10 -25
  19. data/lib/googleauth/id_tokens/errors.rb +9 -23
  20. data/lib/googleauth/id_tokens/key_sources.rb +19 -33
  21. data/lib/googleauth/id_tokens/verifier.rb +9 -23
  22. data/lib/googleauth/id_tokens.rb +11 -25
  23. data/lib/googleauth/json_key_reader.rb +10 -25
  24. data/lib/googleauth/oauth2/sts_client.rb +109 -0
  25. data/lib/googleauth/scope_util.rb +10 -25
  26. data/lib/googleauth/service_account.rb +11 -28
  27. data/lib/googleauth/signet.rb +16 -58
  28. data/lib/googleauth/stores/file_token_store.rb +10 -25
  29. data/lib/googleauth/stores/redis_token_store.rb +10 -25
  30. data/lib/googleauth/token_store.rb +10 -25
  31. data/lib/googleauth/user_authorizer.rb +10 -25
  32. data/lib/googleauth/user_refresh.rb +15 -27
  33. data/lib/googleauth/version.rb +11 -26
  34. data/lib/googleauth/web_user_authorizer.rb +10 -25
  35. data/lib/googleauth.rb +10 -25
  36. metadata +26 -11
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1cc321053063d0fcbe9b0ac9cece62227049fca62bb4377161cd0679342ceee9
4
- data.tar.gz: 635e4992df0bfc21fe3df120dc86347619324e685ca136aa6770c23b4104153a
3
+ metadata.gz: 5437d56e0c86ce235d37a202af1a28219a9caeb0bc0f8abac5540cc1d73edf28
4
+ data.tar.gz: f56369065e2abc56fb51abccc5003264f8c9ef3e745c202e06e5cb4c6b083d84
5
5
  SHA512:
6
- metadata.gz: 19b49461310e8b41a4062005255d51c15792481183c6fc161baf36a13e40ba1528d604ef8c17048de1661a41dfe7de6867fab3b721cd1be3b148b1c5a15f8a97
7
- data.tar.gz: 2ae55a1ad27def042196075cb8c5e46db5295797edc568126903ccd7e345a2b7400d5a30f3d79d7001588a1c25ec9fcb12ea128dfc06234dd67077a3c1aae0af
6
+ metadata.gz: f350fb9178517f4782c1dcf08804f5b0ec6bb12ed6dd460ff9c7a875b5929146bf357d797a52cb976878ef25ca8e3439d90b41dfb0e44fbf0b1cfcdf1109ec85
7
+ data.tar.gz: 5a1811530c2a2f5321937bdc90f157f7b55cf0b4c77c7c8f98e87474cfd22b06154987279003cefcb3f8cb400f690364078f9dd0302286f6cbd6d94afde826b3
data/CHANGELOG.md CHANGED
@@ -1,85 +1,145 @@
1
1
  # Release History
2
2
 
3
- ### [0.17.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/googleauth/v0.15.0...googleauth/v0.17.1) (2021-09-01)
3
+ ### 1.7.0 (2023-07-14)
4
4
 
5
- ### Bug Fixes
5
+ #### Features
6
6
 
7
- * Updates to gem metadata ([fb5e56d](https://www.github.com/googleapis/google-auth-library-ruby/commit/fb5e56dad1e6ed6afd4f9b5c626e5e1495e48343))
7
+ * Adding support for pluggable auth credentials ([#437](https://github.com/googleapis/google-auth-library-ruby/issues/437))
8
+ #### Documentation
8
9
 
9
- ## [0.17.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.2...google-auth-library-ruby/v0.17.0) (2021-07-30)
10
+ * fixed iss argument and description in comments of IDTokens ([#438](https://github.com/googleapis/google-auth-library-ruby/issues/438))
10
11
 
12
+ ### 1.6.0 (2023-06-20)
11
13
 
12
- ### Features
14
+ #### Features
13
15
 
14
- * Allow scopes to be self-signed into jwts ([e67ce40](https://www.github.com/googleapis/google-auth-library-ruby/commit/e67ce40f919b7eb3723c2ec95f5b8d58315ab1ee))
16
+ * adding identity pool credentials ([#433](https://github.com/googleapis/google-auth-library-ruby/issues/433))
17
+ #### Documentation
15
18
 
16
- ### [0.16.2](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.1...google-auth-library-ruby/v0.16.2) (2021-04-28)
19
+ * deprecation message for discontinuing command line auth flow ([#435](https://github.com/googleapis/google-auth-library-ruby/issues/435))
17
20
 
21
+ ### 1.5.2 (2023-04-13)
18
22
 
19
- ### Bug Fixes
23
+ #### Bug Fixes
20
24
 
21
- * Stop attempting to get the project from gcloud when applying self-signed JWTs ([#317](https://www.github.com/googleapis/google-auth-library-ruby/issues/317)) ([39258ca](https://www.github.com/googleapis/google-auth-library-ruby/commit/39258cacafa5c770fb40d99075a97b8e6427adba))
25
+ * AWS IMDSV2 session token fetching shall call PUT method instead of GET ([#429](https://github.com/googleapis/google-auth-library-ruby/issues/429))
26
+ * GCECredentials - Allow retrieval of ID token ([#425](https://github.com/googleapis/google-auth-library-ruby/issues/425))
22
27
 
23
- ### [0.16.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.0...google-auth-library-ruby/v0.16.1) (2021-04-01)
28
+ ### 1.5.1 (2023-04-10)
24
29
 
30
+ #### Bug Fixes
25
31
 
26
- ### Bug Fixes
32
+ * Remove external account config validation ([#427](https://github.com/googleapis/google-auth-library-ruby/issues/427))
27
33
 
28
- * Accept application/text content-type for plain idtoken response ([4948ebb](https://www.github.com/googleapis/google-auth-library-ruby/commit/4948ebb3ca151e9f0433585a41bad6f415416b2d))
34
+ ### 1.5.0 (2023-03-21)
29
35
 
30
- ## [0.16.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.15.1...v0.16.0) (2021-03-04)
36
+ #### Features
31
37
 
38
+ * Add support for AWS Workload Identity Federation ([#418](https://github.com/googleapis/google-auth-library-ruby/issues/418))
32
39
 
33
- ### Features
40
+ ### 1.4.0 (2022-12-14)
34
41
 
35
- * Drop support for Ruby 2.4 and add support for Ruby 3.0 ([6644806](https://www.github.com/googleapis/google-auth-library-ruby/commit/6644806ab47cea6d08e1901c2ed808e53a579bc3))
42
+ #### Features
36
43
 
37
- ## [0.15.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.15.0...v0.15.1) (2021-02-08)
44
+ * make new_jwt_token public in order to fetch raw token directly ([#405](https://github.com/googleapis/google-auth-library-ruby/issues/405))
38
45
 
46
+ ### 1.3.0 (2022-10-18)
39
47
 
40
- ### Bug Fixes
48
+ #### Features
41
49
 
42
- * Fix crash when using a client credential without any paths or env_vars set ([#296](https://www.github.com/googleapis/google-auth-library-ruby/issues/296)) ([c971c1a](https://www.github.com/googleapis/google-auth-library-ruby/commit/c971c1ad2d7730c0f5b389d533a972be32fbaf49))
50
+ * Use OpenSSL 3.0 compatible interfaces for IDTokens ([#397](https://github.com/googleapis/google-auth-library-ruby/issues/397))
43
51
 
44
- ## [0.15.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.14.0...v0.15.0) (2021-01-26)
52
+ ### 1.2.0 (2022-06-23)
45
53
 
54
+ * Updated minimum Ruby version to 2.6
46
55
 
47
- ### Features
56
+ ### 1.1.3 (2022-04-20)
48
57
 
49
- * Credential parameters inherit from superclasses ([4fa4720](https://www.github.com/googleapis/google-auth-library-ruby/commit/4fa47206dbd62f8bbdd1b9d3721f6baee9fd1d62))
50
- * Service accounts apply a self-signed JWT if scopes are marked as default ([d22acb8](https://www.github.com/googleapis/google-auth-library-ruby/commit/d22acb8a510e6711b5674545c31a4816e5a9168f))
58
+ #### Documentation
51
59
 
60
+ * Add README instructions for 3-Legged OAuth with a service account
52
61
 
53
- ### Bug Fixes
62
+ ### 1.1.2 (2022-02-22)
54
63
 
55
- * Retry fetch_access_token when GCE metadata server returns unexpected errors ([cd9b012](https://www.github.com/googleapis/google-auth-library-ruby/commit/cd9b0126d3419b9953982f71edc9e6ba3f640e3c))
56
- * Support correct service account and user refresh behavior for custom credential env variables ([d2dffe5](https://www.github.com/googleapis/google-auth-library-ruby/commit/d2dffe592112b45006291ad9a57f56e00fb208c3))
64
+ #### Bug Fixes
57
65
 
58
- ## 0.14.0 / 2020-10-09
66
+ * Support Faraday 2
67
+
68
+ ### 1.1.1 (2022-02-14)
69
+
70
+ #### Bug Fixes
71
+
72
+ * add quota_project to user refresh credentials
73
+
74
+ ### 1.1.0 (2021-10-24)
75
+
76
+ #### Features
77
+
78
+ * Support short-lived tokens in Credentials
79
+
80
+ ### 1.0.0 (2021-09-27)
81
+
82
+ Bumped version to 1.0.0. Releases from this point will follow semver.
83
+
84
+ * Allow dependency on future 1.x versions of signet
85
+ * Prevented gcloud from authenticating on the console when getting the gcloud project
86
+
87
+ ### 0.17.1 (2021-09-01)
88
+
89
+ * Updates to gem metadata
90
+
91
+ ### 0.17.0 (2021-07-30)
92
+
93
+ * Allow scopes to be self-signed into jwts
94
+
95
+ ### 0.16.2 (2021-04-28)
96
+
97
+ * Stop attempting to get the project from gcloud when applying self-signed JWTs
98
+
99
+ ### 0.16.1 (2021-04-01)
100
+
101
+ * Accept application/text content-type for plain idtoken response
102
+
103
+ ### 0.16.0 (2021-03-04)
104
+
105
+ * Drop support for Ruby 2.4 and add support for Ruby 3.0
106
+
107
+ ### 0.15.1 (2021-02-08)
108
+
109
+ * Fix crash when using a client credential without any paths or env_vars set
110
+
111
+ ### 0.15.0 (2021-01-26)
112
+
113
+ * Credential parameters inherit from superclasses
114
+ * Service accounts apply a self-signed JWT if scopes are marked as default
115
+ * Retry fetch_access_token when GCE metadata server returns unexpected errors
116
+ * Support correct service account and user refresh behavior for custom credential env variables
117
+
118
+ ### 0.14.0 / 2020-10-09
59
119
 
60
120
  * Honor GCE_METADATA_HOST environment variable
61
121
  * Fix errors in some environments when requesting an access token for multiple scopes
62
122
 
63
- ## 0.13.1 / 2020-07-30
123
+ ### 0.13.1 / 2020-07-30
64
124
 
65
125
  * Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
66
126
 
67
- ## 0.13.0 / 2020-06-17
127
+ ### 0.13.0 / 2020-06-17
68
128
 
69
129
  * Support for validating ID tokens.
70
130
  * Fixed header application of ID tokens from service accounts.
71
131
 
72
- ## 0.12.0 / 2020-04-08
132
+ ### 0.12.0 / 2020-04-08
73
133
 
74
134
  * Support for ID token credentials.
75
135
  * Support reading quota_id_project from service account credentials.
76
136
 
77
- ## 0.11.0 / 2020-02-24
137
+ ### 0.11.0 / 2020-02-24
78
138
 
79
139
  * Support Faraday 1.x.
80
140
  * Allow special "postmessage" value for redirect_uri.
81
141
 
82
- ## 0.10.0 / 2019-10-09
142
+ ### 0.10.0 / 2019-10-09
83
143
 
84
144
  Note: This release now requires Ruby 2.4 or later
85
145
 
@@ -89,7 +149,7 @@ Note: This release now requires Ruby 2.4 or later
89
149
  * Set instance variables at initialization to avoid spamming warnings
90
150
  * Pass "Metadata-Flavor" header to metadata server when checking for GCE
91
151
 
92
- ## 0.9.0 / 2019-08-05
152
+ ### 0.9.0 / 2019-08-05
93
153
 
94
154
  * Restore compatibility with Ruby 2.0. This is the last release that will work on end-of-lifed versions of Ruby. The 0.10 release will require Ruby 2.4 or later.
95
155
  * Update Credentials to use methods for values that are intended to be changed by users, replacing constants.
@@ -98,105 +158,95 @@ Note: This release now requires Ruby 2.4 or later
98
158
  * Add verbosity none to gcloud command
99
159
  * Make arity of WebUserAuthorizer#get_credentials compatible with the base class
100
160
 
101
- ## 0.8.1 / 2019-03-27
161
+ ### 0.8.1 / 2019-03-27
102
162
 
103
163
  * Silence unnecessary gcloud warning
104
164
  * Treat empty credentials environment variables as unset
105
165
 
106
- ## 0.8.0 / 2019-01-02
166
+ ### 0.8.0 / 2019-01-02
107
167
 
108
168
  * Support connection options :default_connection and :connection_builder when creating credentials that need to refresh OAuth tokens. This lets clients provide connection objects with custom settings, such as proxies, needed for the client environment.
109
169
  * Removed an unnecessary warning about project IDs.
110
170
 
111
- ## 0.7.1 / 2018-10-25
171
+ ### 0.7.1 / 2018-10-25
112
172
 
113
173
  * Make load_gcloud_project_id module function.
114
174
 
115
- ## 0.7.0 / 2018-10-24
175
+ ### 0.7.0 / 2018-10-24
116
176
 
117
177
  * Add project_id instance variable to UserRefreshCredentials, ServiceAccountCredentials, and Credentials.
118
178
 
119
- ## 0.6.7 / 2018-10-16
179
+ ### 0.6.7 / 2018-10-16
120
180
 
121
181
  * Update memoist dependency to ~> 0.16.
122
182
 
123
- ## 0.6.6 / 2018-08-22
183
+ ### 0.6.6 / 2018-08-22
124
184
 
125
185
  * Remove ruby version warnings.
126
186
 
127
- ## 0.6.5 / 2018-08-16
187
+ ### 0.6.5 / 2018-08-16
128
188
 
129
189
  * Fix incorrect http verb when revoking credentials.
130
190
  * Warn on EOL ruby versions.
131
191
 
132
- ## 0.6.4 / 2018-08-03
192
+ ### 0.6.4 / 2018-08-03
133
193
 
134
194
  * Resolve issue where DefaultCredentials constant was undefined.
135
195
 
136
- ## 0.6.3 / 2018-08-02
196
+ ### 0.6.3 / 2018-08-02
137
197
 
138
198
  * Resolve issue where token_store was being written to twice
139
199
 
140
- ## 0.6.2 / 2018-08-01
200
+ ### 0.6.2 / 2018-08-01
141
201
 
142
202
  * Add warning when using cloud sdk credentials
143
203
 
144
- ## 0.6.1 / 2017-10-18
204
+ ### 0.6.1 / 2017-10-18
145
205
 
146
206
  * Fix file permissions
147
207
 
148
- ## 0.6.0 / 2017-10-17
208
+ ### 0.6.0 / 2017-10-17
149
209
 
150
210
  * Support ruby-jwt 2.0
151
211
  * Add simple credentials class
152
212
 
153
- ## 0.5.3 / 2017-07-21
213
+ ### 0.5.3 / 2017-07-21
154
214
 
155
215
  * Fix file permissions on the gem's `.rb` files.
156
216
 
157
- ## 0.5.2 / 2017-07-19
217
+ ### 0.5.2 / 2017-07-19
158
218
 
159
219
  * Add retry mechanism when fetching access tokens in `GCECredentials` and `UserRefreshCredentials` classes.
160
220
  * Update Google API OAuth2 token credential URI to v4.
161
221
 
162
- ## 0.5.1 / 2016-01-06
222
+ ### 0.5.1 / 2016-01-06
163
223
 
164
224
  * Change header name emitted by `Client#apply` from "Authorization" to "authorization" ([@murgatroid99][])
165
225
  * Fix ADC not working on some windows machines ([@vsubramani][])
166
- [#55](https://github.com/google/google-auth-library-ruby/issues/55)
167
226
 
168
- ## 0.5.0 / 2015-10-12
227
+ ### 0.5.0 / 2015-10-12
169
228
 
170
229
  * Initial support for user credentials ([@sqrrrl][])
171
230
  * Update Signet to 0.7
172
231
 
173
- ## 0.4.2 / 2015-08-05
232
+ ### 0.4.2 / 2015-08-05
174
233
 
175
234
  * Updated UserRefreshCredentials hash to use string keys ([@haabaato][])
176
- [#36](https://github.com/google/google-auth-library-ruby/issues/36)
177
-
178
235
  * Add support for a system default credentials file. ([@mr-salty][])
179
- [#33](https://github.com/google/google-auth-library-ruby/issues/33)
180
-
181
236
  * Fix bug when loading credentials from ENV ([@dwilkie][])
182
- [#31](https://github.com/google/google-auth-library-ruby/issues/31)
183
-
184
237
  * Relax the constraint of dependent version of multi_json ([@igrep][])
185
- [#30](https://github.com/google/google-auth-library-ruby/issues/30)
186
-
187
238
  * Enables passing credentials via environment variables. ([@haabaato][])
188
- [#27](https://github.com/google/google-auth-library-ruby/issues/27)
189
239
 
190
- ## 0.4.1 / 2015-04-25
240
+ ### 0.4.1 / 2015-04-25
191
241
 
192
242
  * Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
193
243
  * Refactoring and cleanup ([@joneslee85][])
194
244
 
195
- ## 0.4.0 / 2015-03-25
245
+ ### 0.4.0 / 2015-03-25
196
246
 
197
247
  * Adds an implementation of JWT header auth ([@tbetbetbe][])
198
248
 
199
- ## 0.3.0 / 2015-03-23
249
+ ### 0.3.0 / 2015-03-23
200
250
 
201
251
  * makes the scope parameter's optional in all APIs. ([@tbetbetbe][])
202
252
  * changes the scope parameter's position in various constructors. ([@tbetbetbe][])
data/README.md CHANGED
@@ -14,11 +14,6 @@
14
14
  This is Google's officially supported ruby client library for using OAuth 2.0
15
15
  authorization and authentication with Google APIs.
16
16
 
17
- ## Alpha
18
-
19
- This library is in Alpha. We will make an effort to support the library, but
20
- we reserve the right to make incompatible changes when necessary.
21
-
22
17
  ## Install
23
18
 
24
19
  Be sure `https://rubygems.org/` is in your gem sources.
@@ -102,7 +97,9 @@ get('/oauth2callback') do
102
97
  end
103
98
  ```
104
99
 
105
- ### Example (Command Line)
100
+ ### Example (Command Line) [Deprecated]
101
+
102
+ The Google Auth OOB flow has been discontiued on January 31, 2023. The OOB flow is a legacy flow that is no longer considered secure. To continue using Google Auth, please migrate your applications to a more secure flow. For more information on how to do this, please refer to this [OOB Migration](https://developers.google.com/identity/protocols/oauth2/resources/oob-migration) guide.
106
103
 
107
104
  ```ruby
108
105
  require 'googleauth'
@@ -116,6 +113,7 @@ token_store = Google::Auth::Stores::FileTokenStore.new(
116
113
  :file => '/path/to/tokens.yaml')
117
114
  authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)
118
115
 
116
+ user_id = ENV['USER']
119
117
  credentials = authorizer.get_credentials(user_id)
120
118
  if credentials.nil?
121
119
  url = authorizer.get_authorization_url(base_url: OOB_URI )
@@ -140,6 +138,43 @@ authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
140
138
  authorizer.fetch_access_token!
141
139
  ```
142
140
 
141
+ You can also use a JSON keyfile by setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
142
+
143
+ ```bash
144
+ export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service_account_json_key.json
145
+ ```
146
+
147
+ ```ruby
148
+ require 'googleauth'
149
+ require 'google/apis/drive_v3'
150
+
151
+ Drive = ::Google::Apis::DriveV3
152
+ drive = Drive::DriveService.new
153
+
154
+ scope = 'https://www.googleapis.com/auth/drive'
155
+
156
+ authorizer = Google::Auth::ServiceAccountCredentials.from_env(scope: scope)
157
+ drive.authorization = authorizer
158
+
159
+ list_files = drive.list_files()
160
+ ```
161
+
162
+ ### 3-Legged OAuth with a Service Account
163
+
164
+ This is similar to regular service account authorization (see [this answer](https://support.google.com/a/answer/2538798?hl=en) for more details on the differences), but you'll need to indicate which user your service account is impersonating by manually updating the `sub` field.
165
+
166
+ ```ruby
167
+ scope = 'https://www.googleapis.com/auth/androidpublisher'
168
+
169
+ authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
170
+ json_key_io: File.open('/path/to/service_account_json_key.json'),
171
+ scope: scope
172
+ )
173
+ authorizer.update!(sub: "email-to-impersonate@your-domain.com")
174
+
175
+ authorizer.fetch_access_token!
176
+ ```
177
+
143
178
  ### Example (Environment Variables)
144
179
 
145
180
  ```bash
@@ -182,14 +217,14 @@ Custom storage implementations can also be used. See
182
217
 
183
218
  ## Supported Ruby Versions
184
219
 
185
- This library is supported on Ruby 2.5+.
220
+ This library is supported on Ruby 2.6+.
186
221
 
187
222
  Google provides official support for Ruby versions that are actively supported
188
- by Ruby Core—that is, Ruby versions that are either in normal maintenance or in
189
- security maintenance, and not end of life. Currently, this means Ruby 2.5 and
190
- later. Older versions of Ruby _may_ still work, but are unsupported and not
191
- recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
192
- about the Ruby support schedule.
223
+ by Ruby Core—that is, Ruby versions that are either in normal maintenance or
224
+ in security maintenance, and not end of life. Older versions of Ruby _may_
225
+ still work, but are unsupported and not recommended. See
226
+ https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
227
+ support schedule.
193
228
 
194
229
  ## License
195
230
 
@@ -209,5 +244,5 @@ hesitate to
209
244
  about the client or APIs on [StackOverflow](http://stackoverflow.com).
210
245
 
211
246
  [application default credentials]: https://developers.google.com/accounts/docs/application-default-credentials
212
- [contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/master/.github/CONTRIBUTING.md
213
- [license]: https://github.com/googleapis/google-auth-library-ruby/tree/master/LICENSE
247
+ [contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/main/.github/CONTRIBUTING.md
248
+ [license]: https://github.com/googleapis/google-auth-library-ruby/tree/main/LICENSE
@@ -1,31 +1,16 @@
1
- # Copyright 2015, Google Inc.
2
- # All rights reserved.
1
+ # Copyright 2015 Google, Inc.
3
2
  #
4
- # Redistribution and use in source and binary forms, with or without
5
- # modification, are permitted provided that the following conditions are
6
- # met:
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
7
6
  #
8
- # * Redistributions of source code must retain the above copyright
9
- # notice, this list of conditions and the following disclaimer.
10
- # * Redistributions in binary form must reproduce the above
11
- # copyright notice, this list of conditions and the following disclaimer
12
- # in the documentation and/or other materials provided with the
13
- # distribution.
14
- # * Neither the name of Google Inc. nor the names of its
15
- # contributors may be used to endorse or promote products derived from
16
- # this software without specific prior written permission.
7
+ # http://www.apache.org/licenses/LICENSE-2.0
17
8
  #
18
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
29
14
 
30
15
  require "googleauth/compute_engine"
31
16
  require "googleauth/default_credentials"
@@ -75,7 +60,7 @@ module Google
75
60
  GCECredentials.unmemoize_all
76
61
  raise NOT_FOUND_ERROR
77
62
  end
78
- GCECredentials.new scope: scope
63
+ GCECredentials.new options.merge(scope: scope)
79
64
  end
80
65
  end
81
66
  end
@@ -0,0 +1,80 @@
1
+ # Copyright 2023 Google, Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ module Google
16
+ # Module Auth provides classes that provide Google-specific authorization
17
+ # used to access Google APIs.
18
+ module Auth
19
+ # BaseClient is a class used to contain common methods that are required by any
20
+ # Credentials Client, including AwsCredentials, ServiceAccountCredentials,
21
+ # and UserRefreshCredentials. This is a superclass of Signet::OAuth2::Client
22
+ # and has been created to create a generic interface for all credentials clients
23
+ # to use, including ones which do not inherit from Signet::OAuth2::Client.
24
+ module BaseClient
25
+ AUTH_METADATA_KEY = :authorization
26
+
27
+ # Updates a_hash updated with the authentication token
28
+ def apply! a_hash, opts = {}
29
+ # fetch the access token there is currently not one, or if the client
30
+ # has expired
31
+ fetch_access_token! opts if needs_access_token?
32
+ a_hash[AUTH_METADATA_KEY] = "Bearer #{send token_type}"
33
+ end
34
+
35
+ # Returns a clone of a_hash updated with the authentication token
36
+ def apply a_hash, opts = {}
37
+ a_copy = a_hash.clone
38
+ apply! a_copy, opts
39
+ a_copy
40
+ end
41
+
42
+ # Whether the id_token or access_token is missing or about to expire.
43
+ def needs_access_token?
44
+ send(token_type).nil? || expires_within?(60)
45
+ end
46
+
47
+ # Returns a reference to the #apply method, suitable for passing as
48
+ # a closure
49
+ def updater_proc
50
+ proc { |a_hash, opts = {}| apply a_hash, opts }
51
+ end
52
+
53
+ def on_refresh &block
54
+ @refresh_listeners = [] unless defined? @refresh_listeners
55
+ @refresh_listeners << block
56
+ end
57
+
58
+ def notify_refresh_listeners
59
+ listeners = defined?(@refresh_listeners) ? @refresh_listeners : []
60
+ listeners.each do |block|
61
+ block.call self
62
+ end
63
+ end
64
+
65
+ def expires_within?
66
+ raise NotImplementedError
67
+ end
68
+
69
+ private
70
+
71
+ def token_type
72
+ raise NotImplementedError
73
+ end
74
+
75
+ def fetch_access_token!
76
+ raise NotImplementedError
77
+ end
78
+ end
79
+ end
80
+ end
@@ -1,31 +1,16 @@
1
- # Copyright 2014, Google Inc.
2
- # All rights reserved.
1
+ # Copyright 2014 Google, Inc.
3
2
  #
4
- # Redistribution and use in source and binary forms, with or without
5
- # modification, are permitted provided that the following conditions are
6
- # met:
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
7
6
  #
8
- # * Redistributions of source code must retain the above copyright
9
- # notice, this list of conditions and the following disclaimer.
10
- # * Redistributions in binary form must reproduce the above
11
- # copyright notice, this list of conditions and the following disclaimer
12
- # in the documentation and/or other materials provided with the
13
- # distribution.
14
- # * Neither the name of Google Inc. nor the names of its
15
- # contributors may be used to endorse or promote products derived from
16
- # this software without specific prior written permission.
7
+ # http://www.apache.org/licenses/LICENSE-2.0
17
8
  #
18
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
29
14
 
30
15
  require "multi_json"
31
16
  require "googleauth/credentials_loader"
@@ -1,31 +1,16 @@
1
- # Copyright 2015, Google Inc.
2
- # All rights reserved.
1
+ # Copyright 2015 Google, Inc.
3
2
  #
4
- # Redistribution and use in source and binary forms, with or without
5
- # modification, are permitted provided that the following conditions are
6
- # met:
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
7
6
  #
8
- # * Redistributions of source code must retain the above copyright
9
- # notice, this list of conditions and the following disclaimer.
10
- # * Redistributions in binary form must reproduce the above
11
- # copyright notice, this list of conditions and the following disclaimer
12
- # in the documentation and/or other materials provided with the
13
- # distribution.
14
- # * Neither the name of Google Inc. nor the names of its
15
- # contributors may be used to endorse or promote products derived from
16
- # this software without specific prior written permission.
7
+ # http://www.apache.org/licenses/LICENSE-2.0
17
8
  #
18
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
29
14
 
30
15
  require "faraday"
31
16
  require "googleauth/signet"