googleauth 1.1.0 → 1.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 286a365510084cc4410a7fb76cc6ee21be59372e57c1ef475f14c232cd883c54
-  data.tar.gz: 413babe33567dfc2d5f2f12df1b3c344c497bea78e32b311ba025e26ebce9314
+  metadata.gz: 967a6321e1ec2dafec23915f77028196ca588d1b0cd7d40c0824d918d4001298
+  data.tar.gz: b85411d05c86ccc52727047c74d82dc30e16df41f374ac6f64d760776be923fc
 SHA512:
-  metadata.gz: 9d478df9ef5cdf0ff86a281b9410c2b33756be34734c06ce858fda704297ae97607b7d254803bcd8f18290a7d6e32cc26b78ea3e7bb1dc0308fcc1faabd35fdf
-  data.tar.gz: d153a275309125418cafdfd3f222f3c09c5f0b873056c4eb95e676f492cb59b214b28a680b375b76cf4b2bf3560263311cea700c37df14632f9418c774ca9372
+  metadata.gz: d858caa697993c8c8336e2b15a5a8e1bf21d939678513874426207e7002a052d82f0ed2020ed7cef54ec14e97aca0e2ce23ff8442cd346d72ea45d4975d4373d
+  data.tar.gz: fda398a2576f28e0dff7196e46ce0d51e4e73b4db4f4f59d10e3e2fd124913cc0af2533428bd0a8a8b83f7b6b334757540b556b1160c9adf8dbc6dd9dab827c6

data/CHANGELOG.md

@@ -1,76 +1,92 @@
 # Release History
 
-## [1.1.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/googleauth/v1.0.0...googleauth/v1.1.0) (2021-10-24)
+### 1.1.3 (2022-04-20)
 
+#### Documentation
 
-### Features
+* Add README instructions for 3-Legged OAuth with a service account
 
-* Support short-lived tokens in Credentials ([9d7051c](https://www.github.com/googleapis/google-auth-library-ruby/commit/9d7051cff4d5e191a5d6756a068e8be539934f0d))
+### 1.1.2 (2022-02-22)
 
-## [1.0.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/googleauth/v0.17.1...googleauth/v1.0.0) (2021-09-27)
+#### Bug Fixes
 
-Bumped version to 1.0.0. Releases from this point will follow semver.
+* Support Faraday 2
+
+### 1.1.1 (2022-02-14)
+
+#### Bug Fixes
+
+* add quota_project to user refresh credentials
 
-* Allow dependency on future 1.x versions of signet ([9e17a24](https://www.github.com/googleapis/google-auth-library-ruby/commit/9e17a24bf97cb52f09756c624b4dc6e18dc79493))
-* Prevented gcloud from authenticating on the console when getting the gcloud project ([9902503](https://www.github.com/googleapis/google-auth-library-ruby/commit/990250345d6af31de1066c08c0b3b42692ae263c))
+### 1.1.0 (2021-10-24)
 
-## [0.17.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/googleauth/v0.15.0...googleauth/v0.17.1) (2021-09-01)
+#### Features
 
-* Updates to gem metadata ([fb5e56d](https://www.github.com/googleapis/google-auth-library-ruby/commit/fb5e56dad1e6ed6afd4f9b5c626e5e1495e48343))
+* Support short-lived tokens in Credentials
+
+### 1.0.0 (2021-09-27)
+
+Bumped version to 1.0.0. Releases from this point will follow semver.
 
-## [0.17.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.2...google-auth-library-ruby/v0.17.0) (2021-07-30)
+* Allow dependency on future 1.x versions of signet
+* Prevented gcloud from authenticating on the console when getting the gcloud project
 
-* Allow scopes to be self-signed into jwts ([e67ce40](https://www.github.com/googleapis/google-auth-library-ruby/commit/e67ce40f919b7eb3723c2ec95f5b8d58315ab1ee))
+### 0.17.1 (2021-09-01)
 
-## [0.16.2](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.1...google-auth-library-ruby/v0.16.2) (2021-04-28)
+* Updates to gem metadata
 
-* Stop attempting to get the project from gcloud when applying self-signed JWTs ([#317](https://www.github.com/googleapis/google-auth-library-ruby/issues/317)) ([39258ca](https://www.github.com/googleapis/google-auth-library-ruby/commit/39258cacafa5c770fb40d99075a97b8e6427adba))
+### 0.17.0 (2021-07-30)
 
-## [0.16.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/google-auth-library-ruby/v0.16.0...google-auth-library-ruby/v0.16.1) (2021-04-01)
+* Allow scopes to be self-signed into jwts
 
-* Accept application/text content-type for plain idtoken response ([4948ebb](https://www.github.com/googleapis/google-auth-library-ruby/commit/4948ebb3ca151e9f0433585a41bad6f415416b2d))
+### 0.16.2 (2021-04-28)
 
-## [0.16.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.15.1...v0.16.0) (2021-03-04)
+* Stop attempting to get the project from gcloud when applying self-signed JWTs
 
-* Drop support for Ruby 2.4 and add support for Ruby 3.0 ([6644806](https://www.github.com/googleapis/google-auth-library-ruby/commit/6644806ab47cea6d08e1901c2ed808e53a579bc3))
+### 0.16.1 (2021-04-01)
 
-## [0.15.1](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.15.0...v0.15.1) (2021-02-08)
+* Accept application/text content-type for plain idtoken response
 
-* Fix crash when using a client credential without any paths or env_vars set ([#296](https://www.github.com/googleapis/google-auth-library-ruby/issues/296)) ([c971c1a](https://www.github.com/googleapis/google-auth-library-ruby/commit/c971c1ad2d7730c0f5b389d533a972be32fbaf49))
+### 0.16.0 (2021-03-04)
 
-## [0.15.0](https://www.github.com/googleapis/google-auth-library-ruby/compare/v0.14.0...v0.15.0) (2021-01-26)
+* Drop support for Ruby 2.4 and add support for Ruby 3.0
 
-* Credential parameters inherit from superclasses ([4fa4720](https://www.github.com/googleapis/google-auth-library-ruby/commit/4fa47206dbd62f8bbdd1b9d3721f6baee9fd1d62))
-* Service accounts apply a self-signed JWT if scopes are marked as default ([d22acb8](https://www.github.com/googleapis/google-auth-library-ruby/commit/d22acb8a510e6711b5674545c31a4816e5a9168f))
+### 0.15.1 (2021-02-08)
 
-* Retry fetch_access_token when GCE metadata server returns unexpected errors ([cd9b012](https://www.github.com/googleapis/google-auth-library-ruby/commit/cd9b0126d3419b9953982f71edc9e6ba3f640e3c))
-* Support correct service account and user refresh behavior for custom credential env variables ([d2dffe5](https://www.github.com/googleapis/google-auth-library-ruby/commit/d2dffe592112b45006291ad9a57f56e00fb208c3))
+* Fix crash when using a client credential without any paths or env_vars set
 
-## 0.14.0 / 2020-10-09
+### 0.15.0 (2021-01-26)
+
+* Credential parameters inherit from superclasses
+* Service accounts apply a self-signed JWT if scopes are marked as default
+* Retry fetch_access_token when GCE metadata server returns unexpected errors
+* Support correct service account and user refresh behavior for custom credential env variables
+
+### 0.14.0 / 2020-10-09
 
 * Honor GCE_METADATA_HOST environment variable
 * Fix errors in some environments when requesting an access token for multiple scopes
 
-## 0.13.1 / 2020-07-30
+### 0.13.1 / 2020-07-30
 
 * Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
 
-## 0.13.0 / 2020-06-17
+### 0.13.0 / 2020-06-17
 
 * Support for validating ID tokens.
 * Fixed header application of ID tokens from service accounts.
 
-## 0.12.0 / 2020-04-08
+### 0.12.0 / 2020-04-08
 
 * Support for ID token credentials.
 * Support reading quota_id_project from service account credentials.
 
-## 0.11.0 / 2020-02-24
+### 0.11.0 / 2020-02-24
 
 * Support Faraday 1.x.
 * Allow special "postmessage" value for redirect_uri.
 
-## 0.10.0 / 2019-10-09
+### 0.10.0 / 2019-10-09
 
 Note: This release now requires Ruby 2.4 or later
 
@@ -80,7 +96,7 @@ Note: This release now requires Ruby 2.4 or later
 * Set instance variables at initialization to avoid spamming warnings
 * Pass "Metadata-Flavor" header to metadata server when checking for GCE
 
-## 0.9.0 / 2019-08-05
+### 0.9.0 / 2019-08-05
 
 * Restore compatibility with Ruby 2.0. This is the last release that will work on end-of-lifed versions of Ruby. The 0.10 release will require Ruby 2.4 or later.
 * Update Credentials to use methods for values that are intended to be changed by users, replacing constants.
@@ -89,105 +105,95 @@ Note: This release now requires Ruby 2.4 or later
 * Add verbosity none to gcloud command
 * Make arity of WebUserAuthorizer#get_credentials compatible with the base class
 
-## 0.8.1 / 2019-03-27
+### 0.8.1 / 2019-03-27
 
 * Silence unnecessary gcloud warning
 * Treat empty credentials environment variables as unset
 
-## 0.8.0 / 2019-01-02
+### 0.8.0 / 2019-01-02
 
 * Support connection options :default_connection and :connection_builder when creating credentials that need to refresh OAuth tokens. This lets clients provide connection objects with custom settings, such as proxies, needed for the client environment.
 * Removed an unnecessary warning about project IDs.
 
-## 0.7.1 / 2018-10-25
+### 0.7.1 / 2018-10-25
 
 * Make load_gcloud_project_id module function.
 
-## 0.7.0 / 2018-10-24
+### 0.7.0 / 2018-10-24
 
 * Add project_id instance variable to UserRefreshCredentials, ServiceAccountCredentials, and Credentials.
 
-## 0.6.7 / 2018-10-16
+### 0.6.7 / 2018-10-16
 
 * Update memoist dependency to ~> 0.16.
 
-## 0.6.6 / 2018-08-22
+### 0.6.6 / 2018-08-22
 
 * Remove ruby version warnings.
 
-## 0.6.5 / 2018-08-16
+### 0.6.5 / 2018-08-16
 
 * Fix incorrect http verb when revoking credentials.
 * Warn on EOL ruby versions.
 
-## 0.6.4 / 2018-08-03
+### 0.6.4 / 2018-08-03
 
 * Resolve issue where DefaultCredentials constant was undefined.
 
-## 0.6.3 / 2018-08-02
+### 0.6.3 / 2018-08-02
 
 * Resolve issue where token_store was being written to twice
 
-## 0.6.2 / 2018-08-01
+### 0.6.2 / 2018-08-01
 
 * Add warning when using cloud sdk credentials
 
-## 0.6.1 / 2017-10-18
+### 0.6.1 / 2017-10-18
 
 * Fix file permissions
 
-## 0.6.0 / 2017-10-17
+### 0.6.0 / 2017-10-17
 
 * Support ruby-jwt 2.0
 * Add simple credentials class
 
-## 0.5.3 / 2017-07-21
+### 0.5.3 / 2017-07-21
 
 * Fix file permissions on the gem's `.rb` files.
 
-## 0.5.2 / 2017-07-19
+### 0.5.2 / 2017-07-19
 
 * Add retry mechanism when fetching access tokens in `GCECredentials` and `UserRefreshCredentials` classes.
 * Update Google API OAuth2 token credential URI to v4.
 
-## 0.5.1 / 2016-01-06
+### 0.5.1 / 2016-01-06
 
 * Change header name emitted by `Client#apply` from "Authorization" to "authorization" ([@murgatroid99][])
 * Fix ADC not working on some windows machines ([@vsubramani][])
-[#55](https://github.com/google/google-auth-library-ruby/issues/55)
 
-## 0.5.0 / 2015-10-12
+### 0.5.0 / 2015-10-12
 
 * Initial support for user credentials ([@sqrrrl][])
 * Update Signet to 0.7
 
-## 0.4.2 / 2015-08-05
+### 0.4.2 / 2015-08-05
 
 * Updated UserRefreshCredentials hash to use string keys ([@haabaato][])
-[#36](https://github.com/google/google-auth-library-ruby/issues/36)
-
 * Add support for a system default credentials file. ([@mr-salty][])
-[#33](https://github.com/google/google-auth-library-ruby/issues/33)
-
 * Fix bug when loading credentials from ENV ([@dwilkie][])
-[#31](https://github.com/google/google-auth-library-ruby/issues/31)
-
 * Relax the constraint of dependent version of multi_json ([@igrep][])
-[#30](https://github.com/google/google-auth-library-ruby/issues/30)
-
 * Enables passing credentials via environment variables. ([@haabaato][])
-[#27](https://github.com/google/google-auth-library-ruby/issues/27)
 
-## 0.4.1 / 2015-04-25
+### 0.4.1 / 2015-04-25
 
 * Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
 * Refactoring and cleanup ([@joneslee85][])
 
-## 0.4.0 / 2015-03-25
+### 0.4.0 / 2015-03-25
 
 * Adds an implementation of JWT header auth ([@tbetbetbe][])
 
-## 0.3.0 / 2015-03-23
+### 0.3.0 / 2015-03-23
 
 * makes the scope parameter's optional in all APIs. ([@tbetbetbe][])
 * changes the scope parameter's position in various constructors. ([@tbetbetbe][])

data/README.md

@@ -14,11 +14,6 @@
 This is Google's officially supported ruby client library for using OAuth 2.0
 authorization and authentication with Google APIs.
 
-## Alpha
-
-This library is in Alpha. We will make an effort to support the library, but
-we reserve the right to make incompatible changes when necessary.
-
 ## Install
 
 Be sure `https://rubygems.org/` is in your gem sources.
@@ -116,6 +111,7 @@ token_store = Google::Auth::Stores::FileTokenStore.new(
   :file => '/path/to/tokens.yaml')
 authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)
 
+user_id = ENV['USER']
 credentials = authorizer.get_credentials(user_id)
 if credentials.nil?
   url = authorizer.get_authorization_url(base_url: OOB_URI )
@@ -161,6 +157,22 @@ drive.authorization = authorizer
 list_files = drive.list_files()
 ```
 
+### 3-Legged OAuth with a Service Account
+
+This is similar to regular service account authorization (see [this answer](https://support.google.com/a/answer/2538798?hl=en) for more details on the differences), but you'll need to indicate which user your service account is impersonating by manually updating the `sub` field.
+
+```ruby
+scope = 'https://www.googleapis.com/auth/androidpublisher'
+
+authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
+  json_key_io: File.open('/path/to/service_account_json_key.json'),
+  scope: scope
+)
+authorizer.update!(sub: "email-to-impersonate@your-domain.com")
+
+authorizer.fetch_access_token!
+```
+
 ### Example (Environment Variables)
 
 ```bash

data/lib/googleauth/credentials_loader.rb

@@ -12,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "memoist"
 require "os"
 require "rbconfig"
 
@@ -23,7 +22,6 @@ module Google
     # CredentialsLoader contains the behaviour used to locate and find default
     # credentials files on the file system.
     module CredentialsLoader
-      extend Memoist
       ENV_VAR                   = "GOOGLE_APPLICATION_CREDENTIALS".freeze
       PRIVATE_KEY_VAR           = "GOOGLE_PRIVATE_KEY".freeze
       CLIENT_EMAIL_VAR          = "GOOGLE_CLIENT_EMAIL".freeze

data/lib/googleauth/user_refresh.rb

@@ -36,6 +36,7 @@ module Google
       REVOKE_TOKEN_URI = "https://oauth2.googleapis.com/revoke".freeze
       extend CredentialsLoader
       attr_reader :project_id
+      attr_reader :quota_project_id
 
       # Create a UserRefreshCredentials.
       #
@@ -48,14 +49,15 @@ module Google
           "client_id"     => ENV[CredentialsLoader::CLIENT_ID_VAR],
           "client_secret" => ENV[CredentialsLoader::CLIENT_SECRET_VAR],
           "refresh_token" => ENV[CredentialsLoader::REFRESH_TOKEN_VAR],
-          "project_id"    => ENV[CredentialsLoader::PROJECT_ID_VAR]
+          "project_id"    => ENV[CredentialsLoader::PROJECT_ID_VAR],
+          "quota_project_id" => nil
         }
-
         new(token_credential_uri: TOKEN_CRED_URI,
             client_id:            user_creds["client_id"],
             client_secret:        user_creds["client_secret"],
             refresh_token:        user_creds["refresh_token"],
             project_id:           user_creds["project_id"],
+            quota_project_id:     user_creds["quota_project_id"],
             scope:                scope)
           .configure_connection(options)
       end
@@ -77,6 +79,7 @@ module Google
         options[:authorization_uri] ||= AUTHORIZATION_URI
         @project_id = options[:project_id]
         @project_id ||= CredentialsLoader.load_gcloud_project_id
+        @quota_project_id = options[:quota_project_id]
         super options
       end
 

data/lib/googleauth/version.rb

@@ -16,6 +16,6 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    VERSION = "1.1.0".freeze
+    VERSION = "1.1.3".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.3
 platform: ruby
 authors:
 - Tim Emiola
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-25 00:00:00.000000000 Z
+date: 2022-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -19,7 +19,7 @@ dependencies:
         version: 0.17.3
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 3.a
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: 0.17.3
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 3.a
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -177,7 +177,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.17
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: Google Auth Library for Ruby