googleauth 1.3.0 → 1.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +58 -0
- data/README.md +4 -2
- data/lib/googleauth/application_default.rb +5 -5
- data/lib/googleauth/base_client.rb +80 -0
- data/lib/googleauth/client_id.rb +25 -8
- data/lib/googleauth/compute_engine.rb +23 -15
- data/lib/googleauth/credentials.rb +1 -2
- data/lib/googleauth/credentials_loader.rb +5 -13
- data/lib/googleauth/default_credentials.rb +5 -2
- data/lib/googleauth/external_account/aws_credentials.rb +378 -0
- data/lib/googleauth/external_account/base_credentials.rb +158 -0
- data/lib/googleauth/external_account/external_account_utils.rb +103 -0
- data/lib/googleauth/external_account/identity_pool_credentials.rb +118 -0
- data/lib/googleauth/external_account/pluggable_credentials.rb +156 -0
- data/lib/googleauth/external_account.rb +93 -0
- data/lib/googleauth/helpers/connection.rb +35 -0
- data/lib/googleauth/id_tokens.rb +2 -2
- data/lib/googleauth/oauth2/sts_client.rb +109 -0
- data/lib/googleauth/scope_util.rb +35 -2
- data/lib/googleauth/service_account.rb +1 -3
- data/lib/googleauth/signet.rb +3 -39
- data/lib/googleauth/user_authorizer.rb +12 -5
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +4 -4
- metadata +12 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 37795e56189392a97d5941b4982730ffa2ee1dd53ec63593bbb7f5ad50be044e
|
4
|
+
data.tar.gz: 72d6b584c89c321698485bda1e4aef33f361ed35da4762bd22b5dc4634556f8f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1dcfc8f1e8e65f9b4b27c4933e71faffd2998d11766307cf464d0551d5f37e41c266e840a340a9aba41d49f44d05005006077526851b1b33e277ce3155d16370
|
7
|
+
data.tar.gz: f036b3403998c93f41eae33c472ad714758e6c6d06e9a1b197b53d118d182c2abb9caf40636ff63c152e2186642430de824e7929dcd2978cd358a5bd03194c1c
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,63 @@
|
|
1
1
|
# Release History
|
2
2
|
|
3
|
+
### 1.8.1 (2023-09-19)
|
4
|
+
|
5
|
+
#### Documentation
|
6
|
+
|
7
|
+
* improve ADC related error and warning messages ([#452](https://github.com/googleapis/google-auth-library-ruby/issues/452))
|
8
|
+
|
9
|
+
### 1.8.0 (2023-09-07)
|
10
|
+
|
11
|
+
#### Features
|
12
|
+
|
13
|
+
* Pass additional parameters to auhtorization url ([#447](https://github.com/googleapis/google-auth-library-ruby/issues/447))
|
14
|
+
#### Documentation
|
15
|
+
|
16
|
+
* improve ADC related error and warning messages ([#449](https://github.com/googleapis/google-auth-library-ruby/issues/449))
|
17
|
+
|
18
|
+
### 1.7.0 (2023-07-14)
|
19
|
+
|
20
|
+
#### Features
|
21
|
+
|
22
|
+
* Adding support for pluggable auth credentials ([#437](https://github.com/googleapis/google-auth-library-ruby/issues/437))
|
23
|
+
#### Documentation
|
24
|
+
|
25
|
+
* fixed iss argument and description in comments of IDTokens ([#438](https://github.com/googleapis/google-auth-library-ruby/issues/438))
|
26
|
+
|
27
|
+
### 1.6.0 (2023-06-20)
|
28
|
+
|
29
|
+
#### Features
|
30
|
+
|
31
|
+
* adding identity pool credentials ([#433](https://github.com/googleapis/google-auth-library-ruby/issues/433))
|
32
|
+
#### Documentation
|
33
|
+
|
34
|
+
* deprecation message for discontinuing command line auth flow ([#435](https://github.com/googleapis/google-auth-library-ruby/issues/435))
|
35
|
+
|
36
|
+
### 1.5.2 (2023-04-13)
|
37
|
+
|
38
|
+
#### Bug Fixes
|
39
|
+
|
40
|
+
* AWS IMDSV2 session token fetching shall call PUT method instead of GET ([#429](https://github.com/googleapis/google-auth-library-ruby/issues/429))
|
41
|
+
* GCECredentials - Allow retrieval of ID token ([#425](https://github.com/googleapis/google-auth-library-ruby/issues/425))
|
42
|
+
|
43
|
+
### 1.5.1 (2023-04-10)
|
44
|
+
|
45
|
+
#### Bug Fixes
|
46
|
+
|
47
|
+
* Remove external account config validation ([#427](https://github.com/googleapis/google-auth-library-ruby/issues/427))
|
48
|
+
|
49
|
+
### 1.5.0 (2023-03-21)
|
50
|
+
|
51
|
+
#### Features
|
52
|
+
|
53
|
+
* Add support for AWS Workload Identity Federation ([#418](https://github.com/googleapis/google-auth-library-ruby/issues/418))
|
54
|
+
|
55
|
+
### 1.4.0 (2022-12-14)
|
56
|
+
|
57
|
+
#### Features
|
58
|
+
|
59
|
+
* make new_jwt_token public in order to fetch raw token directly ([#405](https://github.com/googleapis/google-auth-library-ruby/issues/405))
|
60
|
+
|
3
61
|
### 1.3.0 (2022-10-18)
|
4
62
|
|
5
63
|
#### Features
|
data/README.md
CHANGED
@@ -97,7 +97,9 @@ get('/oauth2callback') do
|
|
97
97
|
end
|
98
98
|
```
|
99
99
|
|
100
|
-
### Example (Command Line)
|
100
|
+
### Example (Command Line) [Deprecated]
|
101
|
+
|
102
|
+
The Google Auth OOB flow has been discontiued on January 31, 2023. The OOB flow is a legacy flow that is no longer considered secure. To continue using Google Auth, please migrate your applications to a more secure flow. For more information on how to do this, please refer to this [OOB Migration](https://developers.google.com/identity/protocols/oauth2/resources/oob-migration) guide.
|
101
103
|
|
102
104
|
```ruby
|
103
105
|
require 'googleauth'
|
@@ -241,6 +243,6 @@ hesitate to
|
|
241
243
|
[ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-ruby)
|
242
244
|
about the client or APIs on [StackOverflow](http://stackoverflow.com).
|
243
245
|
|
244
|
-
[application default credentials]: https://
|
246
|
+
[application default credentials]: https://cloud.google.com/docs/authentication/provide-credentials-adc
|
245
247
|
[contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/main/.github/CONTRIBUTING.md
|
246
248
|
[license]: https://github.com/googleapis/google-auth-library-ruby/tree/main/LICENSE
|
@@ -20,9 +20,9 @@ module Google
|
|
20
20
|
# used to access Google APIs.
|
21
21
|
module Auth
|
22
22
|
NOT_FOUND_ERROR = <<~ERROR_MESSAGE.freeze
|
23
|
-
|
24
|
-
|
25
|
-
|
23
|
+
Your credentials were not found. To set up Application Default
|
24
|
+
Credentials for your environment, see
|
25
|
+
https://cloud.google.com/docs/authentication/external/set-up-adc
|
26
26
|
ERROR_MESSAGE
|
27
27
|
|
28
28
|
module_function
|
@@ -57,10 +57,10 @@ module Google
|
|
57
57
|
return creds unless creds.nil?
|
58
58
|
unless GCECredentials.on_gce? options
|
59
59
|
# Clear cache of the result of GCECredentials.on_gce?
|
60
|
-
GCECredentials.
|
60
|
+
GCECredentials.reset_cache
|
61
61
|
raise NOT_FOUND_ERROR
|
62
62
|
end
|
63
|
-
GCECredentials.new scope: scope
|
63
|
+
GCECredentials.new options.merge(scope: scope)
|
64
64
|
end
|
65
65
|
end
|
66
66
|
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# Copyright 2023 Google, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module Google
|
16
|
+
# Module Auth provides classes that provide Google-specific authorization
|
17
|
+
# used to access Google APIs.
|
18
|
+
module Auth
|
19
|
+
# BaseClient is a class used to contain common methods that are required by any
|
20
|
+
# Credentials Client, including AwsCredentials, ServiceAccountCredentials,
|
21
|
+
# and UserRefreshCredentials. This is a superclass of Signet::OAuth2::Client
|
22
|
+
# and has been created to create a generic interface for all credentials clients
|
23
|
+
# to use, including ones which do not inherit from Signet::OAuth2::Client.
|
24
|
+
module BaseClient
|
25
|
+
AUTH_METADATA_KEY = :authorization
|
26
|
+
|
27
|
+
# Updates a_hash updated with the authentication token
|
28
|
+
def apply! a_hash, opts = {}
|
29
|
+
# fetch the access token there is currently not one, or if the client
|
30
|
+
# has expired
|
31
|
+
fetch_access_token! opts if needs_access_token?
|
32
|
+
a_hash[AUTH_METADATA_KEY] = "Bearer #{send token_type}"
|
33
|
+
end
|
34
|
+
|
35
|
+
# Returns a clone of a_hash updated with the authentication token
|
36
|
+
def apply a_hash, opts = {}
|
37
|
+
a_copy = a_hash.clone
|
38
|
+
apply! a_copy, opts
|
39
|
+
a_copy
|
40
|
+
end
|
41
|
+
|
42
|
+
# Whether the id_token or access_token is missing or about to expire.
|
43
|
+
def needs_access_token?
|
44
|
+
send(token_type).nil? || expires_within?(60)
|
45
|
+
end
|
46
|
+
|
47
|
+
# Returns a reference to the #apply method, suitable for passing as
|
48
|
+
# a closure
|
49
|
+
def updater_proc
|
50
|
+
proc { |a_hash, opts = {}| apply a_hash, opts }
|
51
|
+
end
|
52
|
+
|
53
|
+
def on_refresh &block
|
54
|
+
@refresh_listeners = [] unless defined? @refresh_listeners
|
55
|
+
@refresh_listeners << block
|
56
|
+
end
|
57
|
+
|
58
|
+
def notify_refresh_listeners
|
59
|
+
listeners = defined?(@refresh_listeners) ? @refresh_listeners : []
|
60
|
+
listeners.each do |block|
|
61
|
+
block.call self
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def expires_within?
|
66
|
+
raise NotImplementedError
|
67
|
+
end
|
68
|
+
|
69
|
+
private
|
70
|
+
|
71
|
+
def token_type
|
72
|
+
raise NotImplementedError
|
73
|
+
end
|
74
|
+
|
75
|
+
def fetch_access_token!
|
76
|
+
raise NotImplementedError
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
data/lib/googleauth/client_id.rb
CHANGED
@@ -17,51 +17,67 @@ require "googleauth/credentials_loader"
|
|
17
17
|
|
18
18
|
module Google
|
19
19
|
module Auth
|
20
|
-
|
21
|
-
# flows.
|
20
|
+
##
|
21
|
+
# Representation of an application's identity for user authorization flows.
|
22
|
+
#
|
22
23
|
class ClientId
|
24
|
+
# Toplevel JSON key for the an installed app configuration.
|
25
|
+
# Must include client_id and client_secret subkeys if present.
|
23
26
|
INSTALLED_APP = "installed".freeze
|
27
|
+
# Toplevel JSON key for the a webapp configuration.
|
28
|
+
# Must include client_id and client_secret subkeys if present.
|
24
29
|
WEB_APP = "web".freeze
|
30
|
+
# JSON key for the client ID within an app configuration.
|
25
31
|
CLIENT_ID = "client_id".freeze
|
32
|
+
# JSON key for the client secret within an app configuration.
|
26
33
|
CLIENT_SECRET = "client_secret".freeze
|
34
|
+
# An error message raised when none of the expected toplevel properties
|
35
|
+
# can be found.
|
27
36
|
MISSING_TOP_LEVEL_ELEMENT_ERROR =
|
28
37
|
"Expected top level property 'installed' or 'web' to be present.".freeze
|
29
38
|
|
39
|
+
##
|
30
40
|
# Text identifier of the client ID
|
31
41
|
# @return [String]
|
42
|
+
#
|
32
43
|
attr_reader :id
|
33
44
|
|
45
|
+
##
|
34
46
|
# Secret associated with the client ID
|
35
47
|
# @return [String]
|
48
|
+
#
|
36
49
|
attr_reader :secret
|
37
50
|
|
38
51
|
class << self
|
39
52
|
attr_accessor :default
|
40
53
|
end
|
41
54
|
|
42
|
-
|
55
|
+
##
|
56
|
+
# Initialize the Client ID. Both id and secret must be non-nil.
|
43
57
|
#
|
44
58
|
# @param [String] id
|
45
59
|
# Text identifier of the client ID
|
46
60
|
# @param [String] secret
|
47
61
|
# Secret associated with the client ID
|
48
|
-
# @note
|
49
|
-
#
|
62
|
+
# @note Direct instantiation is discouraged to avoid embedding IDs
|
63
|
+
# and secrets in source. See {#from_file} to load from
|
50
64
|
# `client_secrets.json` files.
|
65
|
+
#
|
51
66
|
def initialize id, secret
|
52
|
-
CredentialsLoader.warn_if_cloud_sdk_credentials id
|
53
67
|
raise "Client id can not be nil" if id.nil?
|
54
68
|
raise "Client secret can not be nil" if secret.nil?
|
55
69
|
@id = id
|
56
70
|
@secret = secret
|
57
71
|
end
|
58
72
|
|
73
|
+
##
|
59
74
|
# Constructs a Client ID from a JSON file downloaded from the
|
60
75
|
# Google Developers Console.
|
61
76
|
#
|
62
77
|
# @param [String, File] file
|
63
78
|
# Path of file to read from
|
64
79
|
# @return [Google::Auth::ClientID]
|
80
|
+
#
|
65
81
|
def self.from_file file
|
66
82
|
raise "File can not be nil." if file.nil?
|
67
83
|
File.open file.to_s do |f|
|
@@ -71,13 +87,14 @@ module Google
|
|
71
87
|
end
|
72
88
|
end
|
73
89
|
|
90
|
+
##
|
74
91
|
# Constructs a Client ID from a previously loaded JSON file. The hash
|
75
|
-
# structure should
|
76
|
-
# match the expected JSON format.
|
92
|
+
# structure should match the expected JSON format.
|
77
93
|
#
|
78
94
|
# @param [hash] config
|
79
95
|
# Parsed contents of the JSON file
|
80
96
|
# @return [Google::Auth::ClientID]
|
97
|
+
#
|
81
98
|
def self.from_hash config
|
82
99
|
raise "Hash can not be nil." if config.nil?
|
83
100
|
raw_detail = config[INSTALLED_APP] || config[WEB_APP]
|
@@ -14,7 +14,6 @@
|
|
14
14
|
|
15
15
|
require "faraday"
|
16
16
|
require "googleauth/signet"
|
17
|
-
require "memoist"
|
18
17
|
|
19
18
|
module Google
|
20
19
|
# Module Auth provides classes that provide Google-specific authorization
|
@@ -47,9 +46,9 @@ module Google
|
|
47
46
|
# @private Unused and deprecated
|
48
47
|
COMPUTE_CHECK_URI = "http://169.254.169.254".freeze
|
49
48
|
|
50
|
-
|
51
|
-
extend Memoist
|
49
|
+
@on_gce_cache = {}
|
52
50
|
|
51
|
+
class << self
|
53
52
|
def metadata_host
|
54
53
|
ENV.fetch "GCE_METADATA_HOST", DEFAULT_METADATA_HOST
|
55
54
|
end
|
@@ -68,21 +67,30 @@ module Google
|
|
68
67
|
|
69
68
|
# Detect if this appear to be a GCE instance, by checking if metadata
|
70
69
|
# is available.
|
71
|
-
def on_gce? options = {}
|
72
|
-
#
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
70
|
+
def on_gce? options = {}, reload = false # rubocop:disable Style/OptionalBooleanParameter
|
71
|
+
# We can follow OptionalBooleanParameter here because it's a public interface, we can't change it.
|
72
|
+
@on_gce_cache.delete options if reload
|
73
|
+
@on_gce_cache.fetch options do
|
74
|
+
@on_gce_cache[options] = begin
|
75
|
+
# TODO: This should use google-cloud-env instead.
|
76
|
+
c = options[:connection] || Faraday.default_connection
|
77
|
+
headers = { "Metadata-Flavor" => "Google" }
|
78
|
+
resp = c.get compute_check_uri, nil, headers do |req|
|
79
|
+
req.options.timeout = 1.0
|
80
|
+
req.options.open_timeout = 0.1
|
81
|
+
end
|
82
|
+
return false unless resp.status == 200
|
83
|
+
resp.headers["Metadata-Flavor"] == "Google"
|
84
|
+
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
|
85
|
+
false
|
86
|
+
end
|
78
87
|
end
|
79
|
-
return false unless resp.status == 200
|
80
|
-
resp.headers["Metadata-Flavor"] == "Google"
|
81
|
-
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
|
82
|
-
false
|
83
88
|
end
|
84
89
|
|
85
|
-
|
90
|
+
def reset_cache
|
91
|
+
@on_gce_cache.clear
|
92
|
+
end
|
93
|
+
alias unmemoize_all reset_cache
|
86
94
|
end
|
87
95
|
|
88
96
|
# Overrides the super class method to change how access tokens are
|
@@ -355,14 +355,13 @@ module Google
|
|
355
355
|
@project_id = options["project_id"] || options["project"]
|
356
356
|
@quota_project_id = options["quota_project_id"]
|
357
357
|
case keyfile
|
358
|
-
when
|
358
|
+
when Google::Auth::BaseClient
|
359
359
|
update_from_signet keyfile
|
360
360
|
when Hash
|
361
361
|
update_from_hash keyfile, options
|
362
362
|
else
|
363
363
|
update_from_filepath keyfile, options
|
364
364
|
end
|
365
|
-
CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id
|
366
365
|
@project_id ||= CredentialsLoader.load_gcloud_project_id
|
367
366
|
@client.fetch_access_token! if @client.needs_access_token?
|
368
367
|
@env_vars = nil
|
@@ -30,6 +30,11 @@ module Google
|
|
30
30
|
REFRESH_TOKEN_VAR = "GOOGLE_REFRESH_TOKEN".freeze
|
31
31
|
ACCOUNT_TYPE_VAR = "GOOGLE_ACCOUNT_TYPE".freeze
|
32
32
|
PROJECT_ID_VAR = "GOOGLE_PROJECT_ID".freeze
|
33
|
+
AWS_REGION_VAR = "AWS_REGION".freeze
|
34
|
+
AWS_DEFAULT_REGION_VAR = "AWS_DEFAULT_REGION".freeze
|
35
|
+
AWS_ACCESS_KEY_ID_VAR = "AWS_ACCESS_KEY_ID".freeze
|
36
|
+
AWS_SECRET_ACCESS_KEY_VAR = "AWS_SECRET_ACCESS_KEY".freeze
|
37
|
+
AWS_SESSION_TOKEN_VAR = "AWS_SESSION_TOKEN".freeze
|
33
38
|
GCLOUD_POSIX_COMMAND = "gcloud".freeze
|
34
39
|
GCLOUD_WINDOWS_COMMAND = "gcloud.cmd".freeze
|
35
40
|
GCLOUD_CONFIG_COMMAND = "config config-helper --format json --verbosity none".freeze
|
@@ -44,13 +49,6 @@ module Google
|
|
44
49
|
CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app" \
|
45
50
|
"s.googleusercontent.com".freeze
|
46
51
|
|
47
|
-
CLOUD_SDK_CREDENTIALS_WARNING =
|
48
|
-
"Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most " \
|
49
|
-
"server applications use service accounts instead. If your application continues to use end user credentials " \
|
50
|
-
'from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about ' \
|
51
|
-
"service accounts, see https://cloud.google.com/docs/authentication/. To suppress this message, set the " \
|
52
|
-
"GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS environment variable.".freeze
|
53
|
-
|
54
52
|
# make_creds proxies the construction of a credentials instance
|
55
53
|
#
|
56
54
|
# By default, it calls #new on the current class, but this behaviour can
|
@@ -144,12 +142,6 @@ module Google
|
|
144
142
|
|
145
143
|
module_function
|
146
144
|
|
147
|
-
# Issues warning if cloud sdk client id is used
|
148
|
-
def warn_if_cloud_sdk_credentials client_id
|
149
|
-
return if ENV["GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS"]
|
150
|
-
warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID
|
151
|
-
end
|
152
|
-
|
153
145
|
# Finds project_id from gcloud CLI configuration
|
154
146
|
def load_gcloud_project_id
|
155
147
|
gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
|
@@ -18,6 +18,7 @@ require "stringio"
|
|
18
18
|
require "googleauth/credentials_loader"
|
19
19
|
require "googleauth/service_account"
|
20
20
|
require "googleauth/user_refresh"
|
21
|
+
require "googleauth/external_account"
|
21
22
|
|
22
23
|
module Google
|
23
24
|
# Module Auth provides classes that provide Google-specific authorization
|
@@ -34,11 +35,9 @@ module Google
|
|
34
35
|
json_key_io = options[:json_key_io]
|
35
36
|
if json_key_io
|
36
37
|
json_key, clz = determine_creds_class json_key_io
|
37
|
-
warn_if_cloud_sdk_credentials json_key["client_id"]
|
38
38
|
io = StringIO.new MultiJson.dump(json_key)
|
39
39
|
clz.make_creds options.merge(json_key_io: io)
|
40
40
|
else
|
41
|
-
warn_if_cloud_sdk_credentials ENV[CredentialsLoader::CLIENT_ID_VAR]
|
42
41
|
clz = read_creds
|
43
42
|
clz.make_creds options
|
44
43
|
end
|
@@ -53,6 +52,8 @@ module Google
|
|
53
52
|
ServiceAccountCredentials
|
54
53
|
when "authorized_user"
|
55
54
|
UserRefreshCredentials
|
55
|
+
when "external_account"
|
56
|
+
ExternalAccount::Credentials
|
56
57
|
else
|
57
58
|
raise "credentials type '#{type}' is not supported"
|
58
59
|
end
|
@@ -69,6 +70,8 @@ module Google
|
|
69
70
|
[json_key, ServiceAccountCredentials]
|
70
71
|
when "authorized_user"
|
71
72
|
[json_key, UserRefreshCredentials]
|
73
|
+
when "external_account"
|
74
|
+
[json_key, ExternalAccount::Credentials]
|
72
75
|
else
|
73
76
|
raise "credentials type '#{type}' is not supported"
|
74
77
|
end
|