googleauth 0.5.1 → 0.14.0

data/.kokoro/trampoline.bat

@@ -0,0 +1,10 @@
+
+SET url="https://raw.githubusercontent.com/googleapis/google-cloud-ruby/master/.kokoro/trampoline.bat"
+
+SET "download=powershell -C Invoke-WebRequest -Uri %url% -OutFile master-trampoline.bat"
+
+SET EXIT_STATUS=1
+
+%download% && master-trampoline.bat && SET EXIT_STATUS=0
+
+EXIT %EXIT_STATUS%

data/.kokoro/trampoline.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+script_url="https://raw.githubusercontent.com/googleapis/google-cloud-ruby/master/.kokoro/trampoline.sh"
+curl -o master-trampoline.sh $script_url && source master-trampoline.sh

data/.repo-metadata.json

@@ -0,0 +1,5 @@
+{
+    "name": "googleauth",
+    "language": "ruby",
+    "distribution-name": "googleauth"
+}

data/.rubocop.yml

@@ -1 +1,19 @@
-inherit_from: .rubocop_todo.yml
+inherit_gem:
+  google-style: google-style.yml
+
+AllCops:
+  Exclude:
+    - "Rakefile"
+    - "integration/**/*"
+    - "rakelib/**/*"
+    - "spec/**/*"
+    - "test/**/*"
+Metrics/ClassLength:
+  Max: 200
+Metrics/ModuleLength:
+  Max: 110
+Metrics/BlockLength:
+  Exclude:
+    - "googleauth.gemspec"
+Style/SafeNavigation:
+  Enabled: false

data/CHANGELOG.md

@@ -1,21 +1,121 @@
-## 0.5.1 (06/01/2016)
+# Release History
 
-### Changes
+### 0.14.0 / 2020-10-09
+
+* Honor GCE_METADATA_HOST environment variable
+* Fix errors in some environments when requesting an access token for multiple scopes
+
+### 0.13.1 / 2020-07-30
+
+* Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
+
+### 0.13.0 / 2020-06-17
+
+* Support for validating ID tokens.
+* Fixed header application of ID tokens from service accounts.
+
+### 0.12.0 / 2020-04-08
+
+* Support for ID token credentials.
+* Support reading quota_id_project from service account credentials.
+
+### 0.11.0 / 2020-02-24
+
+* Support Faraday 1.x.
+* Allow special "postmessage" value for redirect_uri.
+
+### 0.10.0 / 2019-10-09
+
+Note: This release now requires Ruby 2.4 or later
+
+* Increase metadata timeout to improve reliability in some hosting environments
+* Support an environment variable to suppress Cloud SDK credentials warnings
+* Make the header check case insensitive
+* Set instance variables at initialization to avoid spamming warnings
+* Pass "Metadata-Flavor" header to metadata server when checking for GCE
+
+### 0.9.0 / 2019-08-05
+
+* Restore compatibility with Ruby 2.0. This is the last release that will work on end-of-lifed versions of Ruby. The 0.10 release will require Ruby 2.4 or later.
+* Update Credentials to use methods for values that are intended to be changed by users, replacing constants.
+* Add retry on error for fetch_access_token
+* Allow specifying custom state key-values
+* Add verbosity none to gcloud command
+* Make arity of WebUserAuthorizer#get_credentials compatible with the base class
+
+### 0.8.1 / 2019-03-27
+
+* Silence unnecessary gcloud warning
+* Treat empty credentials environment variables as unset
+
+### 0.8.0 / 2019-01-02
+
+* Support connection options :default_connection and :connection_builder when creating credentials that need to refresh OAuth tokens. This lets clients provide connection objects with custom settings, such as proxies, needed for the client environment.
+* Removed an unnecessary warning about project IDs.
+
+### 0.7.1 / 2018-10-25
+
+* Make load_gcloud_project_id module function.
+
+### 0.7.0 / 2018-10-24
+
+* Add project_id instance variable to UserRefreshCredentials, ServiceAccountCredentials, and Credentials.
+
+### 0.6.7 / 2018-10-16
+
+* Update memoist dependency to ~> 0.16.
+
+### 0.6.6 / 2018-08-22
+
+* Remove ruby version warnings.
+
+### 0.6.5 / 2018-08-16
+
+* Fix incorrect http verb when revoking credentials.
+* Warn on EOL ruby versions.
+
+### 0.6.4 / 2018-08-03
+
+* Resolve issue where DefaultCredentials constant was undefined.
+
+### 0.6.3 / 2018-08-02
+
+* Resolve issue where token_store was being written to twice
+
+### 0.6.2 / 2018-08-01
+
+* Add warning when using cloud sdk credentials
+
+### 0.6.1 / 2017-10-18
+
+* Fix file permissions
+
+### 0.6.0 / 2017-10-17
+
+* Support ruby-jwt 2.0
+* Add simple credentials class
+
+### 0.5.3 / 2017-07-21
+
+* Fix file permissions on the gem's `.rb` files.
+
+### 0.5.2 / 2017-07-19
+
+* Add retry mechanism when fetching access tokens in `GCECredentials` and `UserRefreshCredentials` classes.
+* Update Google API OAuth2 token credential URI to v4.
+
+### 0.5.1 / 2016-01-06
 
 * Change header name emitted by `Client#apply` from "Authorization" to "authorization" ([@murgatroid99][])
 * Fix ADC not working on some windows machines ([@vsubramani][])
 [#55](https://github.com/google/google-auth-library-ruby/issues/55)
 
-## 0.5.0 (12/10/2015)
-
-### Changes
+### 0.5.0 / 2015-10-12
 
 * Initial support for user credentials ([@sqrrrl][])
 * Update Signet to 0.7
 
-## 0.4.2 (05/08/2015)
-
-### Changes
+### 0.4.2 / 2015-08-05
 
 * Updated UserRefreshCredentials hash to use string keys ([@haabaato][])
 [#36](https://github.com/google/google-auth-library-ruby/issues/36)
@@ -29,27 +129,19 @@
 * Relax the constraint of dependent version of multi_json ([@igrep][])
 [#30](https://github.com/google/google-auth-library-ruby/issues/30)
 
-### Changes
-
 * Enables passing credentials via environment variables. ([@haabaato][])
 [#27](https://github.com/google/google-auth-library-ruby/issues/27)
 
-## 0.4.1 (25/04/2015)
-
-### Changes
+### 0.4.1 / 2015-04-25
 
 * Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
 * Refactoring and cleanup ([@joneslee85][])
 
-## 0.4.0 (25/03/2015)
-
-### Changes
+### 0.4.0 / 2015-03-25
 
 * Adds an implementation of JWT header auth ([@tbetbetbe][])
 
-## 0.3.0 (23/03/2015)
-
-### Changes
+### 0.3.0 / 2015-03-23
 
 * makes the scope parameter's optional in all APIs. ([@tbetbetbe][])
 * changes the scope parameter's position in various constructors. ([@tbetbetbe][])
@@ -62,3 +154,4 @@
 [@tbetbetbe]: https://github.com/tbetbetbe
 [@murgatroid99]: https://github.com/murgatroid99
 [@vsubramani]: https://github.com/vsubramani
+[@ball-hayden]: https://github.com/ball-hayden

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,43 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project,
+and in the interest of fostering an open and welcoming community,
+we pledge to respect all people who contribute through reporting issues,
+posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project
+a harassment-free experience for everyone,
+regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information,
+such as physical or electronic
+addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct.
+By adopting this Code of Conduct,
+project maintainers commit themselves to fairly and consistently
+applying these principles to every aspect of managing this project.
+Project maintainers who do not follow or enforce the Code of Conduct
+may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior
+may be reported by opening an issue
+or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0,
+available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)

data/Gemfile

@@ -1,24 +1,30 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 # Specify your gem's dependencies in googleauth.gemspec
 gemspec
 
 group :development do
-  gem 'bundler', '~> 1.9'
-  gem 'simplecov', '~> 0.9'
-  gem 'coveralls', '~> 0.7'
-  gem 'fakefs', '~> 0.6'
-  gem 'rake', '~> 10.0'
-  gem 'rubocop', '~> 0.30'
-  gem 'rspec', '~> 3.0'
-  gem 'redis', '~> 3.2'
-  gem 'fakeredis', '~> 0.5'
-  gem 'webmock', '~> 1.21'
-  gem 'rack-test', '~> 0.6'
-  gem 'sinatra'
+  gem "bundler", ">= 1.9"
+  gem "coveralls", "~> 0.7"
+  gem "fakefs", "~> 0.6"
+  gem "fakeredis", "~> 0.5"
+  gem "google-style", "~> 1.24.0"
+  gem "logging", "~> 2.0"
+  gem "minitest", "~> 5.14"
+  gem "minitest-focus", "~> 1.1"
+  gem "rack-test", "~> 0.6"
+  gem "rake", "~> 13.0"
+  gem "redis", "~> 3.2"
+  gem "rspec", "~> 3.0"
+  gem "simplecov", "~> 0.9"
+  gem "sinatra"
+  gem "webmock", "~> 3.8"
 end
 
 platforms :jruby do
   group :development do
   end
 end
+
+gem "faraday", "~> 0.17"
+gem "gems", "~> 1.2"

data/README.md

@@ -1,16 +1,13 @@
 # Google Auth Library for Ruby
 
 <dl>
-  <dt>Homepage</dt><dd><a href="http://www.github.com/google/google-auth-library-ruby">http://www.github.com/google/google-auth-library-ruby</a></dd>
+  <dt>Homepage</dt><dd><a href="http://www.github.com/googleapis/google-auth-library-ruby">http://www.github.com/googleapis/google-auth-library-ruby</a></dd>
   <dt>Authors</dt><dd><a href="mailto:temiola@google.com">Tim Emiola</a></dd>
   <dt>Copyright</dt><dd>Copyright © 2015 Google, Inc.</dd>
   <dt>License</dt><dd>Apache 2.0</dd>
 </dl>
 
 [![Gem Version](https://badge.fury.io/rb/googleauth.svg)](http://badge.fury.io/rb/googleauth)
-[![Build Status](https://secure.travis-ci.org/google/google-auth-library-ruby.png)](http://travis-ci.org/google/google-auth-library-ruby)
-[![Coverage Status](https://coveralls.io/repos/google/google-auth-library-ruby/badge.png)](https://coveralls.io/r/google/google-auth-library-ruby)
-[![Dependency Status](https://gemnasium.com/google/google-auth-library-ruby.png)](https://gemnasium.com/google/google-auth-library-ruby)
 
 ## Description
 
@@ -70,7 +67,7 @@ a generic authorizer useful for command line apps or custom integrations as
 well as a web variant tailored toward Rack-based applications.
 
 The authorizers are intended for authorization use cases. For sign-on,
-see [Google Idenity Platform](https://developers.google.com/identity/)
+see [Google Identity Platform](https://developers.google.com/identity/)
 
 ### Example (Web)
 
@@ -92,7 +89,7 @@ get('/authorize') do
   user_id = request.session['user_id']
   credentials = authorizer.get_credentials(user_id, request)
   if credentials.nil?
-    redirect authorizer.get_authorization_url(user_id: user_id, request: request)
+    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)
   end
   # Credentials are valid, can call APIs
   # ...
@@ -111,6 +108,8 @@ end
 require 'googleauth'
 require 'googleauth/stores/file_token_store'
 
+OOB_URI = 'urn:ietf:wg:oauth:2.0:oob'
+
 scope = 'https://www.googleapis.com/auth/drive'
 client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
 token_store = Google::Auth::Stores::FileTokenStore.new(
@@ -119,7 +118,7 @@ authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)
 
 credentials = authorizer.get_credentials(user_id)
 if credentials.nil?
-  url = authorizer.get_authorization_url(base_url: 'urn:ietf:wg:oauth:2.0:oob')
+  url = authorizer.get_authorization_url(base_url: OOB_URI )
   puts "Open #{url} in your browser and enter the resulting code:"
   code = gets
   credentials = authorizer.get_and_store_credentials_from_code(
@@ -129,6 +128,47 @@ end
 # OK to use credentials
 ```
 
+### Example (Service Account)
+
+```ruby
+scope = 'https://www.googleapis.com/auth/androidpublisher'
+
+authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
+  json_key_io: File.open('/path/to/service_account_json_key.json'),
+  scope: scope)
+
+authorizer.fetch_access_token!
+```
+
+### Example (Environment Variables)
+
+```bash
+export GOOGLE_ACCOUNT_TYPE=service_account
+export GOOGLE_CLIENT_ID=000000000000000000000
+export GOOGLE_CLIENT_EMAIL=xxxx@xxxx.iam.gserviceaccount.com
+export GOOGLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
+```
+
+```ruby
+require 'googleauth'
+require 'google/apis/drive_v3'
+
+Drive = ::Google::Apis::DriveV3
+drive = Drive::DriveService.new
+
+# Auths with ENV vars:
+# "GOOGLE_CLIENT_ID",
+# "GOOGLE_CLIENT_EMAIL",
+# "GOOGLE_ACCOUNT_TYPE", 
+# "GOOGLE_PRIVATE_KEY"
+auth = ::Google::Auth::ServiceAccountCredentials
+  .make_creds(scope: 'https://www.googleapis.com/auth/drive')
+drive.authorization = auth
+
+list_files = drive.list_files()
+
+```
+
 ### Storage
 
 Authorizers require a storage instance to manage long term persistence of
@@ -138,15 +178,16 @@ access and refresh tokens. Two storage implementations are included:
 *   Google::Auth::Stores::RedisTokenStore
 
 Custom storage implementations can also be used. See
-[token_store.rb](lib/googleauth/token_store.rb) for additional details.
+[token_store.rb](https://googleapis.dev/ruby/googleauth/latest/Google/Auth/TokenStore.html) for additional details.
+
+## Supported Ruby Versions
 
-## What about auth in google-apis-ruby-client?
+This library requires Ruby 2.4 or later.
 
-The goal is for all auth done by
-[google-apis-ruby-client][google-apis-ruby-client] to be performed by this
-library. I.e, eventually google-apis-ruby-client will just take a dependency
-on this library.  This update is a work in progress, but should be completed
-by Q2 2015.
+In general, this library supports Ruby versions that are considered current and
+supported by Ruby Core (that is, Ruby versions that are either in normal
+maintenance or in security maintenance).
+See https://www.ruby-lang.org/en/downloads/branches/ for further details.
 
 ## License
 
@@ -165,7 +206,6 @@ hesitate to
 [ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-ruby)
 about the client or APIs on [StackOverflow](http://stackoverflow.com).
 
-[google-apis-ruby-client]: (https://github.com/google/google-api-ruby-client)
-[application default credentials]: (https://developers.google.com/accounts/docs/application-default-credentials)
-[contributing]: https://github.com/google/google-auth-library-ruby/tree/master/CONTRIBUTING.md
-[copying]: https://github.com/google/google-auth-library-ruby/tree/master/COPYING
+[application default credentials]: https://developers.google.com/accounts/docs/application-default-credentials
+[contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/master/.github/CONTRIBUTING.md
+[copying]: https://github.com/googleapis/google-auth-library-ruby/tree/master/COPYING

data/Rakefile

@@ -1,15 +1,132 @@
 # -*- ruby -*-
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
-require 'bundler/gem_tasks'
+require "json"
+require "bundler/gem_tasks"
 
-desc 'Run Rubocop to check for style violations'
+require "rubocop/rake_task"
 RuboCop::RakeTask.new
 
-desc 'Run rake task'
-RSpec::Core::RakeTask.new(:spec)
+require "rake/testtask"
 
-desc 'Does rubocop lint and runs the specs'
-task all: [:rubocop, :spec]
+desc "Run tests."
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList["test/**/*_test.rb"]
+  t.warning = false
+end
 
-task default: :all
+desc "Run integration tests."
+Rake::TestTask.new("integration") do |t|
+  t.libs << "integration"
+  t.test_files = FileList["integration/**/*_test.rb"]
+  t.warning = false
+end
+
+task :ci do
+  header "Using Ruby - #{RUBY_VERSION}"
+  sh "bundle exec rubocop"
+  Rake::Task["test"].invoke
+  Rake::Task["integration"].invoke
+  sh "bundle exec rspec"
+end
+
+task :release_gem, :tag do |_t, args|
+  tag = args[:tag]
+  raise "You must provide a tag to release." if tag.nil?
+
+  # Verify the tag format "vVERSION"
+  m = tag.match /v(?<version>\S*)/
+  raise "Tag #{tag} does not match the expected format." if m.nil?
+
+  version = m[:version]
+  raise "You must provide a version." if version.nil?
+
+  api_token = ENV["RUBYGEMS_API_TOKEN"]
+
+  require "gems"
+  if api_token
+    ::Gems.configure do |config|
+      config.key = api_token
+    end
+  end
+
+  Bundler.with_clean_env do
+    sh "rm -rf pkg"
+    sh "bundle update"
+    sh "bundle exec rake build"
+  end
+
+  path_to_be_pushed = "pkg/googleauth-#{version}.gem"
+  gem_was_published = nil
+  if File.file? path_to_be_pushed
+    begin
+      response = ::Gems.push File.new(path_to_be_pushed)
+      puts response
+      raise unless response.include? "Successfully registered gem:"
+      gem_was_published = true
+      puts "Successfully built and pushed googleauth for version #{version}"
+    rescue StandardError => e
+      gem_was_published = false
+      puts "Error while releasing googleauth version #{version}: #{e.message}"
+    end
+  else
+    raise "Cannot build googleauth for version #{version}"
+  end
+
+  Rake::Task["kokoro:publish_docs"].invoke if gem_was_published
+end
+
+namespace :kokoro do
+  task :load_env_vars do
+    service_account = "#{ENV['KOKORO_GFILE_DIR']}/service-account.json"
+    ENV["GOOGLE_APPLICATION_CREDENTIALS"] = service_account
+    filename = "#{ENV['KOKORO_GFILE_DIR']}/env_vars.json"
+    env_vars = JSON.parse File.read(filename)
+    env_vars.each { |k, v| ENV[k] = v }
+  end
+
+  task :presubmit do
+    Rake::Task["ci"].invoke
+  end
+
+  task :continuous do
+    Rake::Task["ci"].invoke
+  end
+
+  task :post do
+    require_relative "rakelib/link_checker.rb"
+
+    link_checker = LinkChecker.new
+    link_checker.run
+    exit link_checker.exit_status
+  end
+
+  task :nightly do
+    Rake::Task["ci"].invoke
+  end
+
+  task :release do
+    version = "0.1.0"
+    Bundler.with_clean_env do
+      version = `bundle exec gem list`
+                .split("\n").select { |line| line.include? "googleauth" }
+                .first.split("(").last.split(")").first || "0.1.0"
+    end
+    Rake::Task["kokoro:load_env_vars"].invoke
+    Rake::Task["release_gem"].invoke "v#{version}"
+  end
+
+  task :publish_docs do
+    require_relative "rakelib/devsite_builder.rb"
+
+    DevsiteBuilder.new(__dir__).publish
+  end
+end
+
+def header str, token = "#"
+  line_length = str.length + 8
+  puts ""
+  puts token * line_length
+  puts "#{token * 3} #{str} #{token * 3}"
+  puts token * line_length
+  puts ""
+end