googleauth 1.3.0 → 1.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +58 -0
- data/README.md +4 -2
- data/lib/googleauth/application_default.rb +5 -5
- data/lib/googleauth/base_client.rb +80 -0
- data/lib/googleauth/client_id.rb +25 -8
- data/lib/googleauth/compute_engine.rb +23 -15
- data/lib/googleauth/credentials.rb +1 -2
- data/lib/googleauth/credentials_loader.rb +5 -13
- data/lib/googleauth/default_credentials.rb +5 -2
- data/lib/googleauth/external_account/aws_credentials.rb +378 -0
- data/lib/googleauth/external_account/base_credentials.rb +158 -0
- data/lib/googleauth/external_account/external_account_utils.rb +103 -0
- data/lib/googleauth/external_account/identity_pool_credentials.rb +118 -0
- data/lib/googleauth/external_account/pluggable_credentials.rb +156 -0
- data/lib/googleauth/external_account.rb +93 -0
- data/lib/googleauth/helpers/connection.rb +35 -0
- data/lib/googleauth/id_tokens.rb +2 -2
- data/lib/googleauth/oauth2/sts_client.rb +109 -0
- data/lib/googleauth/scope_util.rb +35 -2
- data/lib/googleauth/service_account.rb +1 -3
- data/lib/googleauth/signet.rb +3 -39
- data/lib/googleauth/user_authorizer.rb +12 -5
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +4 -4
- metadata +12 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 37795e56189392a97d5941b4982730ffa2ee1dd53ec63593bbb7f5ad50be044e
|
4
|
+
data.tar.gz: 72d6b584c89c321698485bda1e4aef33f361ed35da4762bd22b5dc4634556f8f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1dcfc8f1e8e65f9b4b27c4933e71faffd2998d11766307cf464d0551d5f37e41c266e840a340a9aba41d49f44d05005006077526851b1b33e277ce3155d16370
|
7
|
+
data.tar.gz: f036b3403998c93f41eae33c472ad714758e6c6d06e9a1b197b53d118d182c2abb9caf40636ff63c152e2186642430de824e7929dcd2978cd358a5bd03194c1c
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,63 @@
|
|
1
1
|
# Release History
|
2
2
|
|
3
|
+
### 1.8.1 (2023-09-19)
|
4
|
+
|
5
|
+
#### Documentation
|
6
|
+
|
7
|
+
* improve ADC related error and warning messages ([#452](https://github.com/googleapis/google-auth-library-ruby/issues/452))
|
8
|
+
|
9
|
+
### 1.8.0 (2023-09-07)
|
10
|
+
|
11
|
+
#### Features
|
12
|
+
|
13
|
+
* Pass additional parameters to auhtorization url ([#447](https://github.com/googleapis/google-auth-library-ruby/issues/447))
|
14
|
+
#### Documentation
|
15
|
+
|
16
|
+
* improve ADC related error and warning messages ([#449](https://github.com/googleapis/google-auth-library-ruby/issues/449))
|
17
|
+
|
18
|
+
### 1.7.0 (2023-07-14)
|
19
|
+
|
20
|
+
#### Features
|
21
|
+
|
22
|
+
* Adding support for pluggable auth credentials ([#437](https://github.com/googleapis/google-auth-library-ruby/issues/437))
|
23
|
+
#### Documentation
|
24
|
+
|
25
|
+
* fixed iss argument and description in comments of IDTokens ([#438](https://github.com/googleapis/google-auth-library-ruby/issues/438))
|
26
|
+
|
27
|
+
### 1.6.0 (2023-06-20)
|
28
|
+
|
29
|
+
#### Features
|
30
|
+
|
31
|
+
* adding identity pool credentials ([#433](https://github.com/googleapis/google-auth-library-ruby/issues/433))
|
32
|
+
#### Documentation
|
33
|
+
|
34
|
+
* deprecation message for discontinuing command line auth flow ([#435](https://github.com/googleapis/google-auth-library-ruby/issues/435))
|
35
|
+
|
36
|
+
### 1.5.2 (2023-04-13)
|
37
|
+
|
38
|
+
#### Bug Fixes
|
39
|
+
|
40
|
+
* AWS IMDSV2 session token fetching shall call PUT method instead of GET ([#429](https://github.com/googleapis/google-auth-library-ruby/issues/429))
|
41
|
+
* GCECredentials - Allow retrieval of ID token ([#425](https://github.com/googleapis/google-auth-library-ruby/issues/425))
|
42
|
+
|
43
|
+
### 1.5.1 (2023-04-10)
|
44
|
+
|
45
|
+
#### Bug Fixes
|
46
|
+
|
47
|
+
* Remove external account config validation ([#427](https://github.com/googleapis/google-auth-library-ruby/issues/427))
|
48
|
+
|
49
|
+
### 1.5.0 (2023-03-21)
|
50
|
+
|
51
|
+
#### Features
|
52
|
+
|
53
|
+
* Add support for AWS Workload Identity Federation ([#418](https://github.com/googleapis/google-auth-library-ruby/issues/418))
|
54
|
+
|
55
|
+
### 1.4.0 (2022-12-14)
|
56
|
+
|
57
|
+
#### Features
|
58
|
+
|
59
|
+
* make new_jwt_token public in order to fetch raw token directly ([#405](https://github.com/googleapis/google-auth-library-ruby/issues/405))
|
60
|
+
|
3
61
|
### 1.3.0 (2022-10-18)
|
4
62
|
|
5
63
|
#### Features
|
data/README.md
CHANGED
@@ -97,7 +97,9 @@ get('/oauth2callback') do
|
|
97
97
|
end
|
98
98
|
```
|
99
99
|
|
100
|
-
### Example (Command Line)
|
100
|
+
### Example (Command Line) [Deprecated]
|
101
|
+
|
102
|
+
The Google Auth OOB flow has been discontiued on January 31, 2023. The OOB flow is a legacy flow that is no longer considered secure. To continue using Google Auth, please migrate your applications to a more secure flow. For more information on how to do this, please refer to this [OOB Migration](https://developers.google.com/identity/protocols/oauth2/resources/oob-migration) guide.
|
101
103
|
|
102
104
|
```ruby
|
103
105
|
require 'googleauth'
|
@@ -241,6 +243,6 @@ hesitate to
|
|
241
243
|
[ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-ruby)
|
242
244
|
about the client or APIs on [StackOverflow](http://stackoverflow.com).
|
243
245
|
|
244
|
-
[application default credentials]: https://
|
246
|
+
[application default credentials]: https://cloud.google.com/docs/authentication/provide-credentials-adc
|
245
247
|
[contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/main/.github/CONTRIBUTING.md
|
246
248
|
[license]: https://github.com/googleapis/google-auth-library-ruby/tree/main/LICENSE
|
@@ -20,9 +20,9 @@ module Google
|
|
20
20
|
# used to access Google APIs.
|
21
21
|
module Auth
|
22
22
|
NOT_FOUND_ERROR = <<~ERROR_MESSAGE.freeze
|
23
|
-
|
24
|
-
|
25
|
-
|
23
|
+
Your credentials were not found. To set up Application Default
|
24
|
+
Credentials for your environment, see
|
25
|
+
https://cloud.google.com/docs/authentication/external/set-up-adc
|
26
26
|
ERROR_MESSAGE
|
27
27
|
|
28
28
|
module_function
|
@@ -57,10 +57,10 @@ module Google
|
|
57
57
|
return creds unless creds.nil?
|
58
58
|
unless GCECredentials.on_gce? options
|
59
59
|
# Clear cache of the result of GCECredentials.on_gce?
|
60
|
-
GCECredentials.
|
60
|
+
GCECredentials.reset_cache
|
61
61
|
raise NOT_FOUND_ERROR
|
62
62
|
end
|
63
|
-
GCECredentials.new scope: scope
|
63
|
+
GCECredentials.new options.merge(scope: scope)
|
64
64
|
end
|
65
65
|
end
|
66
66
|
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# Copyright 2023 Google, Inc.
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module Google
|
16
|
+
# Module Auth provides classes that provide Google-specific authorization
|
17
|
+
# used to access Google APIs.
|
18
|
+
module Auth
|
19
|
+
# BaseClient is a class used to contain common methods that are required by any
|
20
|
+
# Credentials Client, including AwsCredentials, ServiceAccountCredentials,
|
21
|
+
# and UserRefreshCredentials. This is a superclass of Signet::OAuth2::Client
|
22
|
+
# and has been created to create a generic interface for all credentials clients
|
23
|
+
# to use, including ones which do not inherit from Signet::OAuth2::Client.
|
24
|
+
module BaseClient
|
25
|
+
AUTH_METADATA_KEY = :authorization
|
26
|
+
|
27
|
+
# Updates a_hash updated with the authentication token
|
28
|
+
def apply! a_hash, opts = {}
|
29
|
+
# fetch the access token there is currently not one, or if the client
|
30
|
+
# has expired
|
31
|
+
fetch_access_token! opts if needs_access_token?
|
32
|
+
a_hash[AUTH_METADATA_KEY] = "Bearer #{send token_type}"
|
33
|
+
end
|
34
|
+
|
35
|
+
# Returns a clone of a_hash updated with the authentication token
|
36
|
+
def apply a_hash, opts = {}
|
37
|
+
a_copy = a_hash.clone
|
38
|
+
apply! a_copy, opts
|
39
|
+
a_copy
|
40
|
+
end
|
41
|
+
|
42
|
+
# Whether the id_token or access_token is missing or about to expire.
|
43
|
+
def needs_access_token?
|
44
|
+
send(token_type).nil? || expires_within?(60)
|
45
|
+
end
|
46
|
+
|
47
|
+
# Returns a reference to the #apply method, suitable for passing as
|
48
|
+
# a closure
|
49
|
+
def updater_proc
|
50
|
+
proc { |a_hash, opts = {}| apply a_hash, opts }
|
51
|
+
end
|
52
|
+
|
53
|
+
def on_refresh &block
|
54
|
+
@refresh_listeners = [] unless defined? @refresh_listeners
|
55
|
+
@refresh_listeners << block
|
56
|
+
end
|
57
|
+
|
58
|
+
def notify_refresh_listeners
|
59
|
+
listeners = defined?(@refresh_listeners) ? @refresh_listeners : []
|
60
|
+
listeners.each do |block|
|
61
|
+
block.call self
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def expires_within?
|
66
|
+
raise NotImplementedError
|
67
|
+
end
|
68
|
+
|
69
|
+
private
|
70
|
+
|
71
|
+
def token_type
|
72
|
+
raise NotImplementedError
|
73
|
+
end
|
74
|
+
|
75
|
+
def fetch_access_token!
|
76
|
+
raise NotImplementedError
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
data/lib/googleauth/client_id.rb
CHANGED
@@ -17,51 +17,67 @@ require "googleauth/credentials_loader"
|
|
17
17
|
|
18
18
|
module Google
|
19
19
|
module Auth
|
20
|
-
|
21
|
-
# flows.
|
20
|
+
##
|
21
|
+
# Representation of an application's identity for user authorization flows.
|
22
|
+
#
|
22
23
|
class ClientId
|
24
|
+
# Toplevel JSON key for the an installed app configuration.
|
25
|
+
# Must include client_id and client_secret subkeys if present.
|
23
26
|
INSTALLED_APP = "installed".freeze
|
27
|
+
# Toplevel JSON key for the a webapp configuration.
|
28
|
+
# Must include client_id and client_secret subkeys if present.
|
24
29
|
WEB_APP = "web".freeze
|
30
|
+
# JSON key for the client ID within an app configuration.
|
25
31
|
CLIENT_ID = "client_id".freeze
|
32
|
+
# JSON key for the client secret within an app configuration.
|
26
33
|
CLIENT_SECRET = "client_secret".freeze
|
34
|
+
# An error message raised when none of the expected toplevel properties
|
35
|
+
# can be found.
|
27
36
|
MISSING_TOP_LEVEL_ELEMENT_ERROR =
|
28
37
|
"Expected top level property 'installed' or 'web' to be present.".freeze
|
29
38
|
|
39
|
+
##
|
30
40
|
# Text identifier of the client ID
|
31
41
|
# @return [String]
|
42
|
+
#
|
32
43
|
attr_reader :id
|
33
44
|
|
45
|
+
##
|
34
46
|
# Secret associated with the client ID
|
35
47
|
# @return [String]
|
48
|
+
#
|
36
49
|
attr_reader :secret
|
37
50
|
|
38
51
|
class << self
|
39
52
|
attr_accessor :default
|
40
53
|
end
|
41
54
|
|
42
|
-
|
55
|
+
##
|
56
|
+
# Initialize the Client ID. Both id and secret must be non-nil.
|
43
57
|
#
|
44
58
|
# @param [String] id
|
45
59
|
# Text identifier of the client ID
|
46
60
|
# @param [String] secret
|
47
61
|
# Secret associated with the client ID
|
48
|
-
# @note
|
49
|
-
#
|
62
|
+
# @note Direct instantiation is discouraged to avoid embedding IDs
|
63
|
+
# and secrets in source. See {#from_file} to load from
|
50
64
|
# `client_secrets.json` files.
|
65
|
+
#
|
51
66
|
def initialize id, secret
|
52
|
-
CredentialsLoader.warn_if_cloud_sdk_credentials id
|
53
67
|
raise "Client id can not be nil" if id.nil?
|
54
68
|
raise "Client secret can not be nil" if secret.nil?
|
55
69
|
@id = id
|
56
70
|
@secret = secret
|
57
71
|
end
|
58
72
|
|
73
|
+
##
|
59
74
|
# Constructs a Client ID from a JSON file downloaded from the
|
60
75
|
# Google Developers Console.
|
61
76
|
#
|
62
77
|
# @param [String, File] file
|
63
78
|
# Path of file to read from
|
64
79
|
# @return [Google::Auth::ClientID]
|
80
|
+
#
|
65
81
|
def self.from_file file
|
66
82
|
raise "File can not be nil." if file.nil?
|
67
83
|
File.open file.to_s do |f|
|
@@ -71,13 +87,14 @@ module Google
|
|
71
87
|
end
|
72
88
|
end
|
73
89
|
|
90
|
+
##
|
74
91
|
# Constructs a Client ID from a previously loaded JSON file. The hash
|
75
|
-
# structure should
|
76
|
-
# match the expected JSON format.
|
92
|
+
# structure should match the expected JSON format.
|
77
93
|
#
|
78
94
|
# @param [hash] config
|
79
95
|
# Parsed contents of the JSON file
|
80
96
|
# @return [Google::Auth::ClientID]
|
97
|
+
#
|
81
98
|
def self.from_hash config
|
82
99
|
raise "Hash can not be nil." if config.nil?
|
83
100
|
raw_detail = config[INSTALLED_APP] || config[WEB_APP]
|
@@ -14,7 +14,6 @@
|
|
14
14
|
|
15
15
|
require "faraday"
|
16
16
|
require "googleauth/signet"
|
17
|
-
require "memoist"
|
18
17
|
|
19
18
|
module Google
|
20
19
|
# Module Auth provides classes that provide Google-specific authorization
|
@@ -47,9 +46,9 @@ module Google
|
|
47
46
|
# @private Unused and deprecated
|
48
47
|
COMPUTE_CHECK_URI = "http://169.254.169.254".freeze
|
49
48
|
|
50
|
-
|
51
|
-
extend Memoist
|
49
|
+
@on_gce_cache = {}
|
52
50
|
|
51
|
+
class << self
|
53
52
|
def metadata_host
|
54
53
|
ENV.fetch "GCE_METADATA_HOST", DEFAULT_METADATA_HOST
|
55
54
|
end
|
@@ -68,21 +67,30 @@ module Google
|
|
68
67
|
|
69
68
|
# Detect if this appear to be a GCE instance, by checking if metadata
|
70
69
|
# is available.
|
71
|
-
def on_gce? options = {}
|
72
|
-
#
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
70
|
+
def on_gce? options = {}, reload = false # rubocop:disable Style/OptionalBooleanParameter
|
71
|
+
# We can follow OptionalBooleanParameter here because it's a public interface, we can't change it.
|
72
|
+
@on_gce_cache.delete options if reload
|
73
|
+
@on_gce_cache.fetch options do
|
74
|
+
@on_gce_cache[options] = begin
|
75
|
+
# TODO: This should use google-cloud-env instead.
|
76
|
+
c = options[:connection] || Faraday.default_connection
|
77
|
+
headers = { "Metadata-Flavor" => "Google" }
|
78
|
+
resp = c.get compute_check_uri, nil, headers do |req|
|
79
|
+
req.options.timeout = 1.0
|
80
|
+
req.options.open_timeout = 0.1
|
81
|
+
end
|
82
|
+
return false unless resp.status == 200
|
83
|
+
resp.headers["Metadata-Flavor"] == "Google"
|
84
|
+
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
|
85
|
+
false
|
86
|
+
end
|
78
87
|
end
|
79
|
-
return false unless resp.status == 200
|
80
|
-
resp.headers["Metadata-Flavor"] == "Google"
|
81
|
-
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
|
82
|
-
false
|
83
88
|
end
|
84
89
|
|
85
|
-
|
90
|
+
def reset_cache
|
91
|
+
@on_gce_cache.clear
|
92
|
+
end
|
93
|
+
alias unmemoize_all reset_cache
|
86
94
|
end
|
87
95
|
|
88
96
|
# Overrides the super class method to change how access tokens are
|
@@ -355,14 +355,13 @@ module Google
|
|
355
355
|
@project_id = options["project_id"] || options["project"]
|
356
356
|
@quota_project_id = options["quota_project_id"]
|
357
357
|
case keyfile
|
358
|
-
when
|
358
|
+
when Google::Auth::BaseClient
|
359
359
|
update_from_signet keyfile
|
360
360
|
when Hash
|
361
361
|
update_from_hash keyfile, options
|
362
362
|
else
|
363
363
|
update_from_filepath keyfile, options
|
364
364
|
end
|
365
|
-
CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id
|
366
365
|
@project_id ||= CredentialsLoader.load_gcloud_project_id
|
367
366
|
@client.fetch_access_token! if @client.needs_access_token?
|
368
367
|
@env_vars = nil
|
@@ -30,6 +30,11 @@ module Google
|
|
30
30
|
REFRESH_TOKEN_VAR = "GOOGLE_REFRESH_TOKEN".freeze
|
31
31
|
ACCOUNT_TYPE_VAR = "GOOGLE_ACCOUNT_TYPE".freeze
|
32
32
|
PROJECT_ID_VAR = "GOOGLE_PROJECT_ID".freeze
|
33
|
+
AWS_REGION_VAR = "AWS_REGION".freeze
|
34
|
+
AWS_DEFAULT_REGION_VAR = "AWS_DEFAULT_REGION".freeze
|
35
|
+
AWS_ACCESS_KEY_ID_VAR = "AWS_ACCESS_KEY_ID".freeze
|
36
|
+
AWS_SECRET_ACCESS_KEY_VAR = "AWS_SECRET_ACCESS_KEY".freeze
|
37
|
+
AWS_SESSION_TOKEN_VAR = "AWS_SESSION_TOKEN".freeze
|
33
38
|
GCLOUD_POSIX_COMMAND = "gcloud".freeze
|
34
39
|
GCLOUD_WINDOWS_COMMAND = "gcloud.cmd".freeze
|
35
40
|
GCLOUD_CONFIG_COMMAND = "config config-helper --format json --verbosity none".freeze
|
@@ -44,13 +49,6 @@ module Google
|
|
44
49
|
CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app" \
|
45
50
|
"s.googleusercontent.com".freeze
|
46
51
|
|
47
|
-
CLOUD_SDK_CREDENTIALS_WARNING =
|
48
|
-
"Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most " \
|
49
|
-
"server applications use service accounts instead. If your application continues to use end user credentials " \
|
50
|
-
'from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about ' \
|
51
|
-
"service accounts, see https://cloud.google.com/docs/authentication/. To suppress this message, set the " \
|
52
|
-
"GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS environment variable.".freeze
|
53
|
-
|
54
52
|
# make_creds proxies the construction of a credentials instance
|
55
53
|
#
|
56
54
|
# By default, it calls #new on the current class, but this behaviour can
|
@@ -144,12 +142,6 @@ module Google
|
|
144
142
|
|
145
143
|
module_function
|
146
144
|
|
147
|
-
# Issues warning if cloud sdk client id is used
|
148
|
-
def warn_if_cloud_sdk_credentials client_id
|
149
|
-
return if ENV["GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS"]
|
150
|
-
warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID
|
151
|
-
end
|
152
|
-
|
153
145
|
# Finds project_id from gcloud CLI configuration
|
154
146
|
def load_gcloud_project_id
|
155
147
|
gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
|
@@ -18,6 +18,7 @@ require "stringio"
|
|
18
18
|
require "googleauth/credentials_loader"
|
19
19
|
require "googleauth/service_account"
|
20
20
|
require "googleauth/user_refresh"
|
21
|
+
require "googleauth/external_account"
|
21
22
|
|
22
23
|
module Google
|
23
24
|
# Module Auth provides classes that provide Google-specific authorization
|
@@ -34,11 +35,9 @@ module Google
|
|
34
35
|
json_key_io = options[:json_key_io]
|
35
36
|
if json_key_io
|
36
37
|
json_key, clz = determine_creds_class json_key_io
|
37
|
-
warn_if_cloud_sdk_credentials json_key["client_id"]
|
38
38
|
io = StringIO.new MultiJson.dump(json_key)
|
39
39
|
clz.make_creds options.merge(json_key_io: io)
|
40
40
|
else
|
41
|
-
warn_if_cloud_sdk_credentials ENV[CredentialsLoader::CLIENT_ID_VAR]
|
42
41
|
clz = read_creds
|
43
42
|
clz.make_creds options
|
44
43
|
end
|
@@ -53,6 +52,8 @@ module Google
|
|
53
52
|
ServiceAccountCredentials
|
54
53
|
when "authorized_user"
|
55
54
|
UserRefreshCredentials
|
55
|
+
when "external_account"
|
56
|
+
ExternalAccount::Credentials
|
56
57
|
else
|
57
58
|
raise "credentials type '#{type}' is not supported"
|
58
59
|
end
|
@@ -69,6 +70,8 @@ module Google
|
|
69
70
|
[json_key, ServiceAccountCredentials]
|
70
71
|
when "authorized_user"
|
71
72
|
[json_key, UserRefreshCredentials]
|
73
|
+
when "external_account"
|
74
|
+
[json_key, ExternalAccount::Credentials]
|
72
75
|
else
|
73
76
|
raise "credentials type '#{type}' is not supported"
|
74
77
|
end
|