googleauth 1.16.1 → 1.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 311cfe855cb7bcac5a60c62eb701be4bfeb2faf7b0c98109afce80ce349ae570
-  data.tar.gz: 452413ded2279ce73c4e7ed4cd17393f3fa2915d8a7a05515cc7ac3145f930b3
+  metadata.gz: af793408bd622c160b50d6839cea9d58523e1424c05cf5fa52beecd93b52aee9
+  data.tar.gz: 0131f0f3459d5e093b1de8fe48d1986a7b51b583be9a3a23383624dea6c5112c
 SHA512:
-  metadata.gz: ea7f50f6938a83785e7fc90613c7b1b51a7b394f28924b4b6f44975b20b9f127dc785a718bf8129c0e5e7fbc19b3765c7d0e25234c5724fb298cdc2c0e70c649
-  data.tar.gz: a3d7a37736db58aca6284d0487772cb08a4b16768a57ceb33296c3cb566073fac8a40f97e502eb916fbd0336ad6e3ff5a20a3888003c84ced05a89250ff22cdd
+  metadata.gz: c5ea780b6bc8b2ae699cb5839f8e4dcfdea65133ec0bd90396c6c1383a6ae34a2b71af9027319c67226faa5ec55e55d75b9aae434e37581ef8e9f54337cd8f5c
+  data.tar.gz: 972fcf255773491f037a360fb8c1d557594b5413f8024cc1c888f7d18536e4b3ff732ffb5f928291984348bb5e0f87af34b01054b3f5f3cd16262f75d1cb4260

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Release History
 
+### 1.17.0 (2026-06-04)
+
+#### Features
+
+* port googleauth from multi_json to standard lib json ([#575](https://github.com/googleapis/google-auth-library-ruby/issues/575)) ([5fe4ed9](https://github.com/googleapis/google-auth-library-ruby/commit/5fe4ed96a042f36874a609349be5911db1247c8b)), closes [#572](https://github.com/googleapis/google-auth-library-ruby/issues/572)
+
+### 1.16.2 (2026-02-26)
+
+#### Bug Fixes
+
+* initialize the JWT credentials without JSON roundtrip ([#564](https://github.com/googleapis/google-auth-library-ruby/issues/564)) 
+* return response body from revoke! for logging pipeline ([#562](https://github.com/googleapis/google-auth-library-ruby/issues/562)) 
+
 ### 1.16.1 (2026-01-15)
 
 #### Bug Fixes

data/lib/googleauth/client_id.rb

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "multi_json"
+require "json"
 require "googleauth/credentials_loader"
 require "googleauth/errors"
 
@@ -85,7 +85,11 @@ module Google
         raise InitializationError, "File can not be nil." if file.nil?
         File.open file.to_s do |f|
           json = f.read
-          config = MultiJson.load json
+          begin
+            config = JSON.parse json
+          rescue JSON::ParserError => e
+            raise InitializationError, "Invalid Client ID JSON file: #{e.message}"
+          end
           from_hash config
         end
       end

data/lib/googleauth/credentials.rb

@@ -16,7 +16,6 @@ require "forwardable"
 require "json"
 require "pathname"
 require "signet/oauth_2/client"
-require "multi_json"
 
 require "googleauth/credentials_loader"
 require "googleauth/errors"
@@ -514,7 +513,7 @@ module Google
         json_key, clz = Google::Auth::DefaultCredentials.determine_creds_class creds_input[:json_key_io]
 
         # Re-serialize the parsed JSON and replace the IO stream in creds_input
-        creds_input[:json_key_io] = StringIO.new MultiJson.dump(json_key)
+        creds_input[:json_key_io] = StringIO.new JSON.generate(json_key)
 
         client = clz.make_creds creds_input
         options = options.select { |k, _v| k == :logger }
@@ -531,7 +530,7 @@ module Google
         json_key, clz = Google::Auth::DefaultCredentials.determine_creds_class io
 
         # Re-serialize the parsed JSON and create a new IO stream.
-        new_io = StringIO.new MultiJson.dump(json_key)
+        new_io = StringIO.new JSON.generate(json_key)
 
         clz.make_creds options.merge!(json_key_io: new_io)
       end

data/lib/googleauth/credentials_loader.rb

@@ -14,6 +14,7 @@
 
 require "os"
 require "rbconfig"
+require "json"
 
 require "googleauth/errors"
 
@@ -152,7 +153,7 @@ module Google
         gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
         gcloud = GCLOUD_POSIX_COMMAND unless OS.windows?
         gcloud_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}", err: :close, &:read)
-        config = MultiJson.load gcloud_json
+        config = JSON.parse gcloud_json
         config["configuration"]["properties"]["core"]["project"]
       rescue StandardError
         nil
@@ -165,7 +166,11 @@ module Google
       # @param expected_type [String] The expected credential type name.
       # @raise [Google::Auth::InitializationError] If the JSON key type does not match the expected type.
       def load_and_verify_json_key_type json_key_io, expected_type
-        json_key = MultiJson.load json_key_io.read
+        begin
+          json_key = JSON.parse json_key_io.read
+        rescue JSON::ParserError => e
+          raise Google::Auth::InitializationError, "Invalid JSON keyfile format: #{e.message}"
+        end
         json_key_io.rewind # Rewind the stream so it can be read again.
         return if json_key["type"] == expected_type
         raise Google::Auth::InitializationError,

data/lib/googleauth/default_credentials.rb

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "multi_json"
+require "json"
 require "stringio"
 
 require "googleauth/credentials_loader"
@@ -81,7 +81,7 @@ module Google
         json_key_io = options[:json_key_io]
         json_key, clz = determine_creds_class json_key_io
         if json_key
-          io = StringIO.new MultiJson.dump(json_key)
+          io = StringIO.new JSON.generate(json_key)
           clz.make_creds options.merge(json_key_io: io)
         else
           clz.make_creds options
@@ -97,7 +97,7 @@ module Google
       #   or if the environment variable is undefined or unsupported.
       def self.determine_creds_class json_key_io = nil
         if json_key_io
-          json_key = MultiJson.load json_key_io.read
+          json_key = JSON.parse json_key_io.read
           key = "type"
           raise InitializationError, "the json is missing the '#{key}' field" unless json_key.key? key
           type = json_key[key]

data/lib/googleauth/external_account/aws_credentials.rb

@@ -13,6 +13,7 @@
 # limitations under the License.
 
 require "time"
+require "json"
 require "googleauth/errors"
 require "googleauth/external_account/base_credentials"
 require "googleauth/external_account/external_account_utils"
@@ -226,7 +227,7 @@ module Google
         # Retrieves the AWS security credentials required for signing AWS requests from the AWS metadata server.
         def fetch_metadata_security_credentials role_name
           response = get_aws_resource "#{@credential_verification_url}/#{role_name}", "credentials"
-          MultiJson.load response.body
+          JSON.parse response.body
         end
 
         # Reads the name of the AWS region from the environment

data/lib/googleauth/external_account/base_credentials.rb

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.require "time"
 
+require "json"
 require "googleauth/base_client"
 require "googleauth/errors"
 require "googleauth/helpers/connection"
@@ -190,7 +191,7 @@ module Google
           response = connection.post @service_account_impersonation_url do |req|
             req.headers["Authorization"] = "Bearer #{token}"
             req.headers["Content-Type"] = "application/json"
-            req.body = MultiJson.dump({ scope: @scope })
+            req.body = JSON.generate({ scope: @scope })
           end
 
           if response.status != 200
@@ -201,7 +202,7 @@ module Google
             )
           end
 
-          MultiJson.load response.body
+          JSON.parse response.body
         end
 
         def log_impersonated_token_request original_token

data/lib/googleauth/external_account/external_account_utils.rb

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.require "time"
 
+require "json"
 require "googleauth/base_client"
 require "googleauth/errors"
 require "googleauth/helpers/connection"
@@ -54,7 +55,7 @@ module Google
           end
 
           if response.status == 200
-            response_data = MultiJson.load response.body, symbolize_names: true
+            response_data = JSON.parse response.body, symbolize_names: true
             @project_id = response_data[:projectId]
           end
 

data/lib/googleauth/external_account/identity_pool_credentials.rb

@@ -13,6 +13,7 @@
 # limitations under the License.
 
 require "time"
+require "json"
 require "googleauth/errors"
 require "googleauth/external_account/base_credentials"
 require "googleauth/external_account/external_account_utils"
@@ -63,7 +64,7 @@ module Google
             token = content
           else
             begin
-              response_data = MultiJson.load content, symbolize_keys: true
+              response_data = JSON.parse content, symbolize_names: true
               token = response_data[@credential_source_field_name.to_sym]
             rescue StandardError
               raise CredentialsError, "Unable to parse subject_token from JSON resource #{resource_name} " \

data/lib/googleauth/external_account/pluggable_credentials.rb

@@ -14,6 +14,7 @@
 
 require "open3"
 require "time"
+require "json"
 require "googleauth/errors"
 require "googleauth/external_account/base_credentials"
 require "googleauth/external_account/external_account_utils"
@@ -88,7 +89,7 @@ module Google
           env = inject_environment_variables
           output = subprocess_with_timeout env, @credential_source_executable_command,
                                            @credential_source_executable_timeout_millis
-          response = MultiJson.load output, symbolize_keys: true
+          response = JSON.parse output, symbolize_names: true
           parse_subject_token response
         end
 
@@ -99,7 +100,7 @@ module Google
           return nil unless File.exist? @credential_source_executable_output_file
           begin
             content = File.read @credential_source_executable_output_file, encoding: "utf-8"
-            response = MultiJson.load content, symbolize_keys: true
+            response = JSON.parse content, symbolize_names: true
           rescue StandardError
             return nil
           end

data/lib/googleauth/external_account.rb

@@ -14,6 +14,7 @@
 
 require "time"
 require "uri"
+require "json"
 require "googleauth/credentials_loader"
 require "googleauth/errors"
 require "googleauth/external_account/aws_credentials"
@@ -62,12 +63,12 @@ module Google
           json_key_io, scope = options.values_at :json_key_io, :scope
 
           raise InitializationError, "A json file is required for external account credentials." unless json_key_io
-          json_key = MultiJson.load json_key_io.read, symbolize_keys: true
+          json_key = JSON.parse json_key_io.read, symbolize_names: true
           if json_key.key? :type
             json_key_io.rewind
           else # Defaults to class credential 'type' if missing.
             json_key[:type] = CREDENTIAL_TYPE_NAME
-            json_key_io = StringIO.new MultiJson.dump(json_key)
+            json_key_io = StringIO.new JSON.generate(json_key)
           end
           CredentialsLoader.load_and_verify_json_key_type json_key_io, CREDENTIAL_TYPE_NAME
           user_creds = read_json_key json_key_io
@@ -86,7 +87,7 @@ module Google
         # @return [Hash] The parsed JSON key
         # @raise [Google::Auth::InitializationError] If the JSON is missing required fields
         def self.read_json_key json_key_io
-          json_key = MultiJson.load json_key_io.read, symbolize_keys: true
+          json_key = JSON.parse json_key_io.read, symbolize_names: true
           wanted = [
             :audience, :subject_token_type, :token_url, :credential_source
           ]

data/lib/googleauth/iam.rb

@@ -14,7 +14,7 @@
 
 require "googleauth/signet"
 require "googleauth/credentials_loader"
-require "multi_json"
+require "json"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization

data/lib/googleauth/impersonated_service_account.rb

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "json"
 require "googleauth/base_client"
 require "googleauth/errors"
 require "googleauth/helpers/connection"
@@ -117,7 +118,7 @@ module Google
         end
 
         require "googleauth/default_credentials"
-        impersonated_json = MultiJson.load json_key_io.read
+        impersonated_json = JSON.parse json_key_io.read
         source_credentials_info = impersonated_json["source_credentials"]
 
         if source_credentials_info["type"] == CREDENTIAL_TYPE_NAME
@@ -127,7 +128,7 @@ module Google
         end
 
         source_credentials = DefaultCredentials.make_creds(
-          json_key_io: StringIO.new(MultiJson.dump(source_credentials_info))
+          json_key_io: StringIO.new(JSON.generate(source_credentials_info))
         )
 
         impersonation_url = impersonated_json["service_account_impersonation_url"]
@@ -279,7 +280,7 @@ module Google
 
         case resp.status
         when 200
-          response = MultiJson.load resp.body
+          response = JSON.parse resp.body
           self.expires_at = response["expireTime"]
           @access_token = response["accessToken"]
           access_token
@@ -310,7 +311,7 @@ module Google
         connection.post @impersonation_url do |req|
           req.headers.merge! auth_header
           req.headers["Content-Type"] = "application/json"
-          req.body = MultiJson.dump({ scope: @scope })
+          req.body = JSON.generate({ scope: @scope })
         end
       end
 

data/lib/googleauth/json_key_reader.rb

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "json"
 require "googleauth/errors"
 
 module Google
@@ -29,7 +30,11 @@ module Google
       # @raise [Google::Auth::InitializationError] If client_email or private_key
       #   fields are missing from the JSON
       def read_json_key json_key_io
-        json_key = MultiJson.load json_key_io.read
+        begin
+          json_key = JSON.parse json_key_io.read
+        rescue JSON::ParserError => e
+          raise InitializationError, "Invalid JSON keyfile format: #{e.message}"
+        end
         raise InitializationError, "missing client_email" unless json_key.key? "client_email"
         raise InitializationError, "missing private_key" unless json_key.key? "private_key"
         [

data/lib/googleauth/oauth2/sts_client.rb

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "json"
 require "googleauth/errors"
 require "googleauth/helpers/connection"
 
@@ -89,7 +90,7 @@ module Google
             raise AuthorizationError, "Token exchange failed with status #{response.status}"
           end
 
-          MultiJson.load response.body
+          JSON.parse response.body
         end
 
         private
@@ -104,7 +105,7 @@ module Google
             subject_token_type: options[:subject_token_type]
           }
           unless options[:additional_options].nil?
-            request_body[:options] = CGI.escape MultiJson.dump(options[:additional_options], symbolize_name: true)
+            request_body[:options] = CGI.escape JSON.generate(options[:additional_options])
           end
           request_body
         end

data/lib/googleauth/scope_util.rb

@@ -14,7 +14,7 @@
 
 require "googleauth/signet"
 require "googleauth/credentials_loader"
-require "multi_json"
+require "json"
 
 module Google
   module Auth

data/lib/googleauth/service_account.rb

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 require "jwt"
-require "multi_json"
+require "json"
 require "stringio"
 
 require "google/logging/message"
@@ -66,12 +66,12 @@ module Google
 
         private_key, client_email, project_id, quota_project_id, universe_domain =
           if json_key_io
-            json_key = MultiJson.load json_key_io.read
+            json_key = JSON.parse json_key_io.read
             if json_key.key? "type"
               json_key_io.rewind
             else # Defaults to class credential 'type' if missing.
               json_key["type"] = CREDENTIAL_TYPE_NAME
-              json_key_io = StringIO.new MultiJson.dump(json_key)
+              json_key_io = StringIO.new JSON.generate(json_key)
             end
             CredentialsLoader.load_and_verify_json_key_type json_key_io, CREDENTIAL_TYPE_NAME
             read_json_key json_key_io
@@ -188,15 +188,15 @@ module Google
 
       def apply_self_signed_jwt! a_hash
         # Use the ServiceAccountJwtHeaderCredentials using the same cred values
-        cred_json = {
-          private_key: @signing_key.to_s,
-          client_email: @issuer,
-          project_id: @project_id,
-          quota_project_id: @quota_project_id
-        }
-        key_io = StringIO.new MultiJson.dump(cred_json)
-        alt = ServiceAccountJwtHeaderCredentials.make_creds json_key_io: key_io, scope: scope
-        alt.logger = logger
+        alt = ServiceAccountJwtHeaderCredentials.new(
+          private_key:      @signing_key.to_s,
+          issuer:           @issuer,
+          project_id:       @project_id,
+          quota_project_id: @quota_project_id,
+          universe_domain:  universe_domain,
+          scope:            scope,
+          logger:           logger
+        )
         alt.apply! a_hash
       end
 

data/lib/googleauth/signet.rb

@@ -210,10 +210,12 @@ module Signet
           digest = Digest::SHA256.hexdigest response_hash["id_token"]
           response_hash["id_token"] = "(sha256:#{digest})"
         end
-        Google::Logging::Message.from(
-          message: "Received auth token response: #{response_hash}",
-          "credentialsId" => object_id
-        )
+        logger&.debug do
+          Google::Logging::Message.from(
+            message: "Received auth token response: #{response_hash}",
+            "credentialsId" => object_id
+          )
+        end
       end
 
       def log_auth_error err

data/lib/googleauth/user_authorizer.rb

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 require "uri"
-require "multi_json"
+require "json"
 require "googleauth/signet"
 require "googleauth/user_refresh"
 require "securerandom"
@@ -140,7 +140,7 @@ module Google
       def get_credentials user_id, scope = nil
         saved_token = stored_token user_id
         return nil if saved_token.nil?
-        data = MultiJson.load saved_token
+        data = JSON.parse saved_token
 
         if data.fetch("client_id", @client_id.id) != @client_id.id
           raise CredentialsError.with_details(
@@ -250,7 +250,7 @@ module Google
       # @return [Google::Auth::UserRefreshCredentials]
       #  The stored credentials
       def store_credentials user_id, credentials
-        json = MultiJson.dump(
+        json = JSON.generate(
           client_id:              credentials.client_id,
           access_token:           credentials.access_token,
           refresh_token:          credentials.refresh_token,

data/lib/googleauth/user_refresh.rb

@@ -16,7 +16,7 @@ require "googleauth/credentials_loader"
 require "googleauth/errors"
 require "googleauth/scope_util"
 require "googleauth/signet"
-require "multi_json"
+require "json"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
@@ -50,12 +50,12 @@ module Google
       def self.make_creds options = {} # rubocop:disable Metrics/MethodLength
         json_key_io, scope = options.values_at :json_key_io, :scope
         user_creds = if json_key_io
-                       json_key = MultiJson.load json_key_io.read
+                       json_key = JSON.parse json_key_io.read
                        if json_key.key? "type"
                          json_key_io.rewind
                        else # Defaults to class credential 'type' if missing.
                          json_key["type"] = CREDENTIAL_TYPE_NAME
-                         json_key_io = StringIO.new MultiJson.dump(json_key)
+                         json_key_io = StringIO.new JSON.generate(json_key)
                        end
                        CredentialsLoader.load_and_verify_json_key_type json_key_io, CREDENTIAL_TYPE_NAME
                        read_json_key json_key_io
@@ -86,7 +86,7 @@ module Google
       # @return [Hash] The parsed JSON key
       # @raise [Google::Auth::InitializationError] If the JSON is missing required fields
       def self.read_json_key json_key_io
-        json_key = MultiJson.load json_key_io.read
+        json_key = JSON.parse json_key_io.read
         wanted = ["client_id", "client_secret", "refresh_token"]
         wanted.each do |key|
           raise InitializationError, "the json is missing the #{key} field" unless json_key.key? key
@@ -146,6 +146,8 @@ module Google
               principal: principal
             )
           end
+
+          resp.body
         end
       end
 

data/lib/googleauth/version.rb

@@ -16,6 +16,6 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    VERSION = "1.16.1".freeze
+    VERSION = "1.17.0".freeze
   end
 end

data/lib/googleauth/web_user_authorizer.rb

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "multi_json"
+require "json"
 require "googleauth/errors"
 require "googleauth/signet"
 require "googleauth/user_authorizer"
@@ -84,7 +84,7 @@ module Google
       #  Redirect URI if successfully extracted, nil otherwise
       def self.handle_auth_callback_deferred request
         callback_state, redirect_uri = extract_callback_state request
-        request.session[CALLBACK_STATE_KEY] = MultiJson.dump callback_state
+        request.session[CALLBACK_STATE_KEY] = JSON.generate callback_state
         redirect_uri
       end
 
@@ -166,10 +166,10 @@ module Google
 
         redirect_to = options[:redirect_to] || request.url
         request.session[XSRF_KEY] = SecureRandom.base64
-        options[:state] = MultiJson.dump(state.merge(
-                                           SESSION_ID_KEY  => request.session[XSRF_KEY],
-                                           CURRENT_URI_KEY => redirect_to
-                                         ))
+        options[:state] = JSON.generate(state.merge(
+                                          SESSION_ID_KEY  => request.session[XSRF_KEY],
+                                          CURRENT_URI_KEY => redirect_to
+                                        ))
         options[:base_url] = request.url
         super options
       end
@@ -194,7 +194,7 @@ module Google
           # Note - in theory, no need to check required scope as this is
           # expected to be called immediately after a return from authorization
           state_json = request.session.delete CALLBACK_STATE_KEY
-          callback_state = MultiJson.load state_json
+          callback_state = JSON.parse state_json
           WebUserAuthorizer.validate_callback_state callback_state, request
           get_and_store_credentials_from_code(
             user_id:  user_id,
@@ -214,7 +214,7 @@ module Google
       # @return [Array<Hash, String>]
       #  Callback state and redirect URI
       def self.extract_callback_state request
-        state = MultiJson.load(request.params[STATE_PARAM] || "{}")
+        state = JSON.parse(request.params[STATE_PARAM] || "{}")
         redirect_uri = state[CURRENT_URI_KEY]
         callback_state = {
           AUTH_CODE_KEY  => request.params[AUTH_CODE_KEY],

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-  version: 1.16.1
+  version: 1.17.0
 platform: ruby
 authors:
 - Google LLC
@@ -77,20 +77,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '4.0'
-- !ruby/object:Gem::Dependency
-  name: multi_json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: os
   requirement: !ruby/object:Gem::Requirement
@@ -111,6 +97,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: pstore
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: signet
   requirement: !ruby/object:Gem::Requirement