googleauth 1.1.0 → 1.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +67 -61
- data/README.md +17 -5
- data/lib/googleauth/credentials_loader.rb +0 -2
- data/lib/googleauth/user_refresh.rb +5 -2
- data/lib/googleauth/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 967a6321e1ec2dafec23915f77028196ca588d1b0cd7d40c0824d918d4001298
|
|
4
|
+
data.tar.gz: b85411d05c86ccc52727047c74d82dc30e16df41f374ac6f64d760776be923fc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d858caa697993c8c8336e2b15a5a8e1bf21d939678513874426207e7002a052d82f0ed2020ed7cef54ec14e97aca0e2ce23ff8442cd346d72ea45d4975d4373d
|
|
7
|
+
data.tar.gz: fda398a2576f28e0dff7196e46ce0d51e4e73b4db4f4f59d10e3e2fd124913cc0af2533428bd0a8a8b83f7b6b334757540b556b1160c9adf8dbc6dd9dab827c6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,76 +1,92 @@
|
|
|
1
1
|
# Release History
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
### 1.1.3 (2022-04-20)
|
|
4
4
|
|
|
5
|
+
#### Documentation
|
|
5
6
|
|
|
6
|
-
|
|
7
|
+
* Add README instructions for 3-Legged OAuth with a service account
|
|
7
8
|
|
|
8
|
-
|
|
9
|
+
### 1.1.2 (2022-02-22)
|
|
9
10
|
|
|
10
|
-
|
|
11
|
+
#### Bug Fixes
|
|
11
12
|
|
|
12
|
-
|
|
13
|
+
* Support Faraday 2
|
|
14
|
+
|
|
15
|
+
### 1.1.1 (2022-02-14)
|
|
16
|
+
|
|
17
|
+
#### Bug Fixes
|
|
18
|
+
|
|
19
|
+
* add quota_project to user refresh credentials
|
|
13
20
|
|
|
14
|
-
|
|
15
|
-
* Prevented gcloud from authenticating on the console when getting the gcloud project ([9902503](https://www.github.com/googleapis/google-auth-library-ruby/commit/990250345d6af31de1066c08c0b3b42692ae263c))
|
|
21
|
+
### 1.1.0 (2021-10-24)
|
|
16
22
|
|
|
17
|
-
|
|
23
|
+
#### Features
|
|
18
24
|
|
|
19
|
-
*
|
|
25
|
+
* Support short-lived tokens in Credentials
|
|
26
|
+
|
|
27
|
+
### 1.0.0 (2021-09-27)
|
|
28
|
+
|
|
29
|
+
Bumped version to 1.0.0. Releases from this point will follow semver.
|
|
20
30
|
|
|
21
|
-
|
|
31
|
+
* Allow dependency on future 1.x versions of signet
|
|
32
|
+
* Prevented gcloud from authenticating on the console when getting the gcloud project
|
|
22
33
|
|
|
23
|
-
|
|
34
|
+
### 0.17.1 (2021-09-01)
|
|
24
35
|
|
|
25
|
-
|
|
36
|
+
* Updates to gem metadata
|
|
26
37
|
|
|
27
|
-
|
|
38
|
+
### 0.17.0 (2021-07-30)
|
|
28
39
|
|
|
29
|
-
|
|
40
|
+
* Allow scopes to be self-signed into jwts
|
|
30
41
|
|
|
31
|
-
|
|
42
|
+
### 0.16.2 (2021-04-28)
|
|
32
43
|
|
|
33
|
-
|
|
44
|
+
* Stop attempting to get the project from gcloud when applying self-signed JWTs
|
|
34
45
|
|
|
35
|
-
|
|
46
|
+
### 0.16.1 (2021-04-01)
|
|
36
47
|
|
|
37
|
-
|
|
48
|
+
* Accept application/text content-type for plain idtoken response
|
|
38
49
|
|
|
39
|
-
|
|
50
|
+
### 0.16.0 (2021-03-04)
|
|
40
51
|
|
|
41
|
-
|
|
52
|
+
* Drop support for Ruby 2.4 and add support for Ruby 3.0
|
|
42
53
|
|
|
43
|
-
|
|
44
|
-
* Service accounts apply a self-signed JWT if scopes are marked as default ([d22acb8](https://www.github.com/googleapis/google-auth-library-ruby/commit/d22acb8a510e6711b5674545c31a4816e5a9168f))
|
|
54
|
+
### 0.15.1 (2021-02-08)
|
|
45
55
|
|
|
46
|
-
*
|
|
47
|
-
* Support correct service account and user refresh behavior for custom credential env variables ([d2dffe5](https://www.github.com/googleapis/google-auth-library-ruby/commit/d2dffe592112b45006291ad9a57f56e00fb208c3))
|
|
56
|
+
* Fix crash when using a client credential without any paths or env_vars set
|
|
48
57
|
|
|
49
|
-
|
|
58
|
+
### 0.15.0 (2021-01-26)
|
|
59
|
+
|
|
60
|
+
* Credential parameters inherit from superclasses
|
|
61
|
+
* Service accounts apply a self-signed JWT if scopes are marked as default
|
|
62
|
+
* Retry fetch_access_token when GCE metadata server returns unexpected errors
|
|
63
|
+
* Support correct service account and user refresh behavior for custom credential env variables
|
|
64
|
+
|
|
65
|
+
### 0.14.0 / 2020-10-09
|
|
50
66
|
|
|
51
67
|
* Honor GCE_METADATA_HOST environment variable
|
|
52
68
|
* Fix errors in some environments when requesting an access token for multiple scopes
|
|
53
69
|
|
|
54
|
-
|
|
70
|
+
### 0.13.1 / 2020-07-30
|
|
55
71
|
|
|
56
72
|
* Support scopes when using GCE Metadata Server authentication ([@ball-hayden][])
|
|
57
73
|
|
|
58
|
-
|
|
74
|
+
### 0.13.0 / 2020-06-17
|
|
59
75
|
|
|
60
76
|
* Support for validating ID tokens.
|
|
61
77
|
* Fixed header application of ID tokens from service accounts.
|
|
62
78
|
|
|
63
|
-
|
|
79
|
+
### 0.12.0 / 2020-04-08
|
|
64
80
|
|
|
65
81
|
* Support for ID token credentials.
|
|
66
82
|
* Support reading quota_id_project from service account credentials.
|
|
67
83
|
|
|
68
|
-
|
|
84
|
+
### 0.11.0 / 2020-02-24
|
|
69
85
|
|
|
70
86
|
* Support Faraday 1.x.
|
|
71
87
|
* Allow special "postmessage" value for redirect_uri.
|
|
72
88
|
|
|
73
|
-
|
|
89
|
+
### 0.10.0 / 2019-10-09
|
|
74
90
|
|
|
75
91
|
Note: This release now requires Ruby 2.4 or later
|
|
76
92
|
|
|
@@ -80,7 +96,7 @@ Note: This release now requires Ruby 2.4 or later
|
|
|
80
96
|
* Set instance variables at initialization to avoid spamming warnings
|
|
81
97
|
* Pass "Metadata-Flavor" header to metadata server when checking for GCE
|
|
82
98
|
|
|
83
|
-
|
|
99
|
+
### 0.9.0 / 2019-08-05
|
|
84
100
|
|
|
85
101
|
* Restore compatibility with Ruby 2.0. This is the last release that will work on end-of-lifed versions of Ruby. The 0.10 release will require Ruby 2.4 or later.
|
|
86
102
|
* Update Credentials to use methods for values that are intended to be changed by users, replacing constants.
|
|
@@ -89,105 +105,95 @@ Note: This release now requires Ruby 2.4 or later
|
|
|
89
105
|
* Add verbosity none to gcloud command
|
|
90
106
|
* Make arity of WebUserAuthorizer#get_credentials compatible with the base class
|
|
91
107
|
|
|
92
|
-
|
|
108
|
+
### 0.8.1 / 2019-03-27
|
|
93
109
|
|
|
94
110
|
* Silence unnecessary gcloud warning
|
|
95
111
|
* Treat empty credentials environment variables as unset
|
|
96
112
|
|
|
97
|
-
|
|
113
|
+
### 0.8.0 / 2019-01-02
|
|
98
114
|
|
|
99
115
|
* Support connection options :default_connection and :connection_builder when creating credentials that need to refresh OAuth tokens. This lets clients provide connection objects with custom settings, such as proxies, needed for the client environment.
|
|
100
116
|
* Removed an unnecessary warning about project IDs.
|
|
101
117
|
|
|
102
|
-
|
|
118
|
+
### 0.7.1 / 2018-10-25
|
|
103
119
|
|
|
104
120
|
* Make load_gcloud_project_id module function.
|
|
105
121
|
|
|
106
|
-
|
|
122
|
+
### 0.7.0 / 2018-10-24
|
|
107
123
|
|
|
108
124
|
* Add project_id instance variable to UserRefreshCredentials, ServiceAccountCredentials, and Credentials.
|
|
109
125
|
|
|
110
|
-
|
|
126
|
+
### 0.6.7 / 2018-10-16
|
|
111
127
|
|
|
112
128
|
* Update memoist dependency to ~> 0.16.
|
|
113
129
|
|
|
114
|
-
|
|
130
|
+
### 0.6.6 / 2018-08-22
|
|
115
131
|
|
|
116
132
|
* Remove ruby version warnings.
|
|
117
133
|
|
|
118
|
-
|
|
134
|
+
### 0.6.5 / 2018-08-16
|
|
119
135
|
|
|
120
136
|
* Fix incorrect http verb when revoking credentials.
|
|
121
137
|
* Warn on EOL ruby versions.
|
|
122
138
|
|
|
123
|
-
|
|
139
|
+
### 0.6.4 / 2018-08-03
|
|
124
140
|
|
|
125
141
|
* Resolve issue where DefaultCredentials constant was undefined.
|
|
126
142
|
|
|
127
|
-
|
|
143
|
+
### 0.6.3 / 2018-08-02
|
|
128
144
|
|
|
129
145
|
* Resolve issue where token_store was being written to twice
|
|
130
146
|
|
|
131
|
-
|
|
147
|
+
### 0.6.2 / 2018-08-01
|
|
132
148
|
|
|
133
149
|
* Add warning when using cloud sdk credentials
|
|
134
150
|
|
|
135
|
-
|
|
151
|
+
### 0.6.1 / 2017-10-18
|
|
136
152
|
|
|
137
153
|
* Fix file permissions
|
|
138
154
|
|
|
139
|
-
|
|
155
|
+
### 0.6.0 / 2017-10-17
|
|
140
156
|
|
|
141
157
|
* Support ruby-jwt 2.0
|
|
142
158
|
* Add simple credentials class
|
|
143
159
|
|
|
144
|
-
|
|
160
|
+
### 0.5.3 / 2017-07-21
|
|
145
161
|
|
|
146
162
|
* Fix file permissions on the gem's `.rb` files.
|
|
147
163
|
|
|
148
|
-
|
|
164
|
+
### 0.5.2 / 2017-07-19
|
|
149
165
|
|
|
150
166
|
* Add retry mechanism when fetching access tokens in `GCECredentials` and `UserRefreshCredentials` classes.
|
|
151
167
|
* Update Google API OAuth2 token credential URI to v4.
|
|
152
168
|
|
|
153
|
-
|
|
169
|
+
### 0.5.1 / 2016-01-06
|
|
154
170
|
|
|
155
171
|
* Change header name emitted by `Client#apply` from "Authorization" to "authorization" ([@murgatroid99][])
|
|
156
172
|
* Fix ADC not working on some windows machines ([@vsubramani][])
|
|
157
|
-
[#55](https://github.com/google/google-auth-library-ruby/issues/55)
|
|
158
173
|
|
|
159
|
-
|
|
174
|
+
### 0.5.0 / 2015-10-12
|
|
160
175
|
|
|
161
176
|
* Initial support for user credentials ([@sqrrrl][])
|
|
162
177
|
* Update Signet to 0.7
|
|
163
178
|
|
|
164
|
-
|
|
179
|
+
### 0.4.2 / 2015-08-05
|
|
165
180
|
|
|
166
181
|
* Updated UserRefreshCredentials hash to use string keys ([@haabaato][])
|
|
167
|
-
[#36](https://github.com/google/google-auth-library-ruby/issues/36)
|
|
168
|
-
|
|
169
182
|
* Add support for a system default credentials file. ([@mr-salty][])
|
|
170
|
-
[#33](https://github.com/google/google-auth-library-ruby/issues/33)
|
|
171
|
-
|
|
172
183
|
* Fix bug when loading credentials from ENV ([@dwilkie][])
|
|
173
|
-
[#31](https://github.com/google/google-auth-library-ruby/issues/31)
|
|
174
|
-
|
|
175
184
|
* Relax the constraint of dependent version of multi_json ([@igrep][])
|
|
176
|
-
[#30](https://github.com/google/google-auth-library-ruby/issues/30)
|
|
177
|
-
|
|
178
185
|
* Enables passing credentials via environment variables. ([@haabaato][])
|
|
179
|
-
[#27](https://github.com/google/google-auth-library-ruby/issues/27)
|
|
180
186
|
|
|
181
|
-
|
|
187
|
+
### 0.4.1 / 2015-04-25
|
|
182
188
|
|
|
183
189
|
* Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
|
|
184
190
|
* Refactoring and cleanup ([@joneslee85][])
|
|
185
191
|
|
|
186
|
-
|
|
192
|
+
### 0.4.0 / 2015-03-25
|
|
187
193
|
|
|
188
194
|
* Adds an implementation of JWT header auth ([@tbetbetbe][])
|
|
189
195
|
|
|
190
|
-
|
|
196
|
+
### 0.3.0 / 2015-03-23
|
|
191
197
|
|
|
192
198
|
* makes the scope parameter's optional in all APIs. ([@tbetbetbe][])
|
|
193
199
|
* changes the scope parameter's position in various constructors. ([@tbetbetbe][])
|
data/README.md
CHANGED
|
@@ -14,11 +14,6 @@
|
|
|
14
14
|
This is Google's officially supported ruby client library for using OAuth 2.0
|
|
15
15
|
authorization and authentication with Google APIs.
|
|
16
16
|
|
|
17
|
-
## Alpha
|
|
18
|
-
|
|
19
|
-
This library is in Alpha. We will make an effort to support the library, but
|
|
20
|
-
we reserve the right to make incompatible changes when necessary.
|
|
21
|
-
|
|
22
17
|
## Install
|
|
23
18
|
|
|
24
19
|
Be sure `https://rubygems.org/` is in your gem sources.
|
|
@@ -116,6 +111,7 @@ token_store = Google::Auth::Stores::FileTokenStore.new(
|
|
|
116
111
|
:file => '/path/to/tokens.yaml')
|
|
117
112
|
authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)
|
|
118
113
|
|
|
114
|
+
user_id = ENV['USER']
|
|
119
115
|
credentials = authorizer.get_credentials(user_id)
|
|
120
116
|
if credentials.nil?
|
|
121
117
|
url = authorizer.get_authorization_url(base_url: OOB_URI )
|
|
@@ -161,6 +157,22 @@ drive.authorization = authorizer
|
|
|
161
157
|
list_files = drive.list_files()
|
|
162
158
|
```
|
|
163
159
|
|
|
160
|
+
### 3-Legged OAuth with a Service Account
|
|
161
|
+
|
|
162
|
+
This is similar to regular service account authorization (see [this answer](https://support.google.com/a/answer/2538798?hl=en) for more details on the differences), but you'll need to indicate which user your service account is impersonating by manually updating the `sub` field.
|
|
163
|
+
|
|
164
|
+
```ruby
|
|
165
|
+
scope = 'https://www.googleapis.com/auth/androidpublisher'
|
|
166
|
+
|
|
167
|
+
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
|
|
168
|
+
json_key_io: File.open('/path/to/service_account_json_key.json'),
|
|
169
|
+
scope: scope
|
|
170
|
+
)
|
|
171
|
+
authorizer.update!(sub: "email-to-impersonate@your-domain.com")
|
|
172
|
+
|
|
173
|
+
authorizer.fetch_access_token!
|
|
174
|
+
```
|
|
175
|
+
|
|
164
176
|
### Example (Environment Variables)
|
|
165
177
|
|
|
166
178
|
```bash
|
|
@@ -12,7 +12,6 @@
|
|
|
12
12
|
# See the License for the specific language governing permissions and
|
|
13
13
|
# limitations under the License.
|
|
14
14
|
|
|
15
|
-
require "memoist"
|
|
16
15
|
require "os"
|
|
17
16
|
require "rbconfig"
|
|
18
17
|
|
|
@@ -23,7 +22,6 @@ module Google
|
|
|
23
22
|
# CredentialsLoader contains the behaviour used to locate and find default
|
|
24
23
|
# credentials files on the file system.
|
|
25
24
|
module CredentialsLoader
|
|
26
|
-
extend Memoist
|
|
27
25
|
ENV_VAR = "GOOGLE_APPLICATION_CREDENTIALS".freeze
|
|
28
26
|
PRIVATE_KEY_VAR = "GOOGLE_PRIVATE_KEY".freeze
|
|
29
27
|
CLIENT_EMAIL_VAR = "GOOGLE_CLIENT_EMAIL".freeze
|
|
@@ -36,6 +36,7 @@ module Google
|
|
|
36
36
|
REVOKE_TOKEN_URI = "https://oauth2.googleapis.com/revoke".freeze
|
|
37
37
|
extend CredentialsLoader
|
|
38
38
|
attr_reader :project_id
|
|
39
|
+
attr_reader :quota_project_id
|
|
39
40
|
|
|
40
41
|
# Create a UserRefreshCredentials.
|
|
41
42
|
#
|
|
@@ -48,14 +49,15 @@ module Google
|
|
|
48
49
|
"client_id" => ENV[CredentialsLoader::CLIENT_ID_VAR],
|
|
49
50
|
"client_secret" => ENV[CredentialsLoader::CLIENT_SECRET_VAR],
|
|
50
51
|
"refresh_token" => ENV[CredentialsLoader::REFRESH_TOKEN_VAR],
|
|
51
|
-
"project_id" => ENV[CredentialsLoader::PROJECT_ID_VAR]
|
|
52
|
+
"project_id" => ENV[CredentialsLoader::PROJECT_ID_VAR],
|
|
53
|
+
"quota_project_id" => nil
|
|
52
54
|
}
|
|
53
|
-
|
|
54
55
|
new(token_credential_uri: TOKEN_CRED_URI,
|
|
55
56
|
client_id: user_creds["client_id"],
|
|
56
57
|
client_secret: user_creds["client_secret"],
|
|
57
58
|
refresh_token: user_creds["refresh_token"],
|
|
58
59
|
project_id: user_creds["project_id"],
|
|
60
|
+
quota_project_id: user_creds["quota_project_id"],
|
|
59
61
|
scope: scope)
|
|
60
62
|
.configure_connection(options)
|
|
61
63
|
end
|
|
@@ -77,6 +79,7 @@ module Google
|
|
|
77
79
|
options[:authorization_uri] ||= AUTHORIZATION_URI
|
|
78
80
|
@project_id = options[:project_id]
|
|
79
81
|
@project_id ||= CredentialsLoader.load_gcloud_project_id
|
|
82
|
+
@quota_project_id = options[:quota_project_id]
|
|
80
83
|
super options
|
|
81
84
|
end
|
|
82
85
|
|
data/lib/googleauth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: googleauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Emiola
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-04-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|
|
@@ -19,7 +19,7 @@ dependencies:
|
|
|
19
19
|
version: 0.17.3
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
|
-
version:
|
|
22
|
+
version: 3.a
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -29,7 +29,7 @@ dependencies:
|
|
|
29
29
|
version: 0.17.3
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version:
|
|
32
|
+
version: 3.a
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: jwt
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -177,7 +177,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
177
177
|
- !ruby/object:Gem::Version
|
|
178
178
|
version: '0'
|
|
179
179
|
requirements: []
|
|
180
|
-
rubygems_version: 3.
|
|
180
|
+
rubygems_version: 3.3.5
|
|
181
181
|
signing_key:
|
|
182
182
|
specification_version: 4
|
|
183
183
|
summary: Google Auth Library for Ruby
|