googleauth 1.3.0 → 1.8.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +58 -0
- data/README.md +4 -2
- data/lib/googleauth/application_default.rb +5 -5
- data/lib/googleauth/base_client.rb +80 -0
- data/lib/googleauth/client_id.rb +25 -8
- data/lib/googleauth/compute_engine.rb +23 -15
- data/lib/googleauth/credentials.rb +1 -2
- data/lib/googleauth/credentials_loader.rb +5 -13
- data/lib/googleauth/default_credentials.rb +5 -2
- data/lib/googleauth/external_account/aws_credentials.rb +378 -0
- data/lib/googleauth/external_account/base_credentials.rb +158 -0
- data/lib/googleauth/external_account/external_account_utils.rb +103 -0
- data/lib/googleauth/external_account/identity_pool_credentials.rb +118 -0
- data/lib/googleauth/external_account/pluggable_credentials.rb +156 -0
- data/lib/googleauth/external_account.rb +93 -0
- data/lib/googleauth/helpers/connection.rb +35 -0
- data/lib/googleauth/id_tokens.rb +2 -2
- data/lib/googleauth/oauth2/sts_client.rb +109 -0
- data/lib/googleauth/scope_util.rb +35 -2
- data/lib/googleauth/service_account.rb +1 -3
- data/lib/googleauth/signet.rb +3 -39
- data/lib/googleauth/user_authorizer.rb +12 -5
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +4 -4
- metadata +12 -17
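--- a/data/lib/googleauth/signet.rb
+++ b/data/lib/googleauth/signet.rb
@@ -13,16 +13,18 @@
 # limitations under the License.
 
 require "signet/oauth_2/client"
+require "googleauth/base_client"
 
 module Signet
 # OAuth2 supports OAuth2 authentication.
 module OAuth2
-AUTH_METADATA_KEY = :authorization
 # Signet::OAuth2::Client creates an OAuth2 client
 #
 # This reopens Client to add #apply and #apply! methods which update a
 # hash with the fetched authentication token.
 class Client
+include Google::Auth::BaseClient
+
 def configure_connection options
 @connection_info =
 options[:connection_builder] || options[:default_connection]
@@ -34,37 +36,6 @@ module Signet
 target_audience ? :id_token : :access_token
 end
 
-# Whether the id_token or access_token is missing or about to expire.
-def needs_access_token?
-send(token_type).nil? || expires_within?(60)
-end
-
-# Updates a_hash updated with the authentication token
-def apply! a_hash, opts = {}
-# fetch the access token there is currently not one, or if the client
-# has expired
-fetch_access_token! opts if needs_access_token?
-a_hash[AUTH_METADATA_KEY] = "Bearer #{send token_type}"
-end
-
-# Returns a clone of a_hash updated with the authentication token
-def apply a_hash, opts = {}
-a_copy = a_hash.clone
-apply! a_copy, opts
-a_copy
-end
-
-# Returns a reference to the #apply method, suitable for passing as
-# a closure
-def updater_proc
-proc { |a_hash, opts = {}| apply a_hash, opts }
-end
-
-def on_refresh &block
-@refresh_listeners = [] unless defined? @refresh_listeners
-@refresh_listeners << block
-end
-
 alias orig_fetch_access_token! fetch_access_token!
 def fetch_access_token! options = {}
 unless options[:connection]
@@ -78,13 +49,6 @@ module Signet
 info
 end
 
-def notify_refresh_listeners
-listeners = defined?(@refresh_listeners) ? @refresh_listeners : []
-listeners.each do |block|
-block.call self
-end
-end
-
 def build_default_connection
 if !defined?(@connection_info)
 nil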
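Review bot: Removing `AUTH_METADATA_KEY = :authorization` from `module OAuth2` drops the constant from the `Signet::OAuth2` namespace, and nothing in this section shows it being re-exported there; code that references `Signet::OAuth2::AUTH_METADATA_KEY` would raise NameError after the upgrade unless `googleauth/base_client` restores it, which is not visible here. `apply!`, `apply`, `needs_access_token?`, `updater_proc`, `on_refresh` and `notify_refresh_listeners` now have to come from the `include Google::Auth::BaseClient` line, so the 60-second expiry check and the `Bearer` header format removed here should be confirmed unchanged in that module. If the constant does live in the mixin, a compatibility alias such as `AUTH_METADATA_KEY = Google::Auth::BaseClient::AUTH_METADATA_KEY` inside `module OAuth2` would keep existing callers working. The `Client` class body continues outside the hunks.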
@@ -80,6 +80,8 @@ module Google
|
|
80
80
|
# @param [String, Array<String>] scope
|
81
81
|
# Authorization scope to request. Overrides the instance scopes if not
|
82
82
|
# nil.
|
83
|
+
# @param [Hash] additional_parameters
|
84
|
+
# Additional query parameters to be added to the authorization URL.
|
83
85
|
# @return [String]
|
84
86
|
# Authorization url
|
85
87
|
def get_authorization_url options = {}
|
@@ -87,7 +89,8 @@ module Google
|
|
87
89
|
credentials = UserRefreshCredentials.new(
|
88
90
|
client_id: @client_id.id,
|
89
91
|
client_secret: @client_id.secret,
|
90
|
-
scope: scope
|
92
|
+
scope: scope,
|
93
|
+
additional_parameters: options[:additional_parameters]
|
91
94
|
)
|
92
95
|
redirect_uri = redirect_uri_for options[:base_url]
|
93
96
|
url = credentials.authorization_uri(access_type: "offline",
|
@@ -144,6 +147,9 @@ module Google
|
|
144
147
|
# Absolute URL to resolve the configured callback uri against.
|
145
148
|
# Required if the configured
|
146
149
|
# callback uri is a relative.
|
150
|
+
# @param [Hash] additional_parameters
|
151
|
+
# Additional parameters to be added to the post body of token
|
152
|
+
# endpoint request.
|
147
153
|
# @return [Google::Auth::UserRefreshCredentials]
|
148
154
|
# Credentials if exchange is successful
|
149
155
|
def get_credentials_from_code options = {}
|
@@ -152,10 +158,11 @@ module Google
|
|
152
158
|
scope = options[:scope] || @scope
|
153
159
|
base_url = options[:base_url]
|
154
160
|
credentials = UserRefreshCredentials.new(
|
155
|
-
client_id:
|
156
|
-
client_secret:
|
157
|
-
redirect_uri:
|
158
|
-
scope:
|
161
|
+
client_id: @client_id.id,
|
162
|
+
client_secret: @client_id.secret,
|
163
|
+
redirect_uri: redirect_uri_for(base_url),
|
164
|
+
scope: scope,
|
165
|
+
additional_parameters: options[:additional_parameters]
|
159
166
|
)
|
160
167
|
credentials.code = code
|
161
168
|
credentials.fetch_access_token!({})
|
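Review bot: The new `additional_parameters: options[:additional_parameters]` argument is forwarded unchecked at both `UserRefreshCredentials.new` call sites (in `get_authorization_url` and in `get_credentials_from_code`), and the added `@param` text does not say who may supply the hash or what happens when one of its keys collides with `redirect_uri`, `scope` or `access_type`. Per the added comments these values end up in the authorization URL and in the token request body, so the doc comment should say the hash must come from application configuration, e.g. `#   Must be developer-controlled; do not pass values taken from the incoming request.` When the option is absent the call passes `nil`; whether the underlying client normalises that is not visible here, so `additional_parameters: options[:additional_parameters] || {}` would be the safer form. Both method bodies continue outside the hunks, and this run of hunks carries no file header on the page.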
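--- a/data/lib/googleauth/version.rb
+++ b/data/lib/googleauth/version.rb
@@ -192,13 +192,13 @@ module Google
 end
 
 def self.extract_callback_state request
-state = MultiJson.load(request[STATE_PARAM] || "{}")
+state = MultiJson.load(request.params[STATE_PARAM] || "{}")
 redirect_uri = state[CURRENT_URI_KEY]
 callback_state = {
-AUTH_CODE_KEY => request[AUTH_CODE_KEY],
-ERROR_CODE_KEY => request[ERROR_CODE_KEY],
+AUTH_CODE_KEY => request.params[AUTH_CODE_KEY],
+ERROR_CODE_KEY => request.params[ERROR_CODE_KEY],
 SESSION_ID_KEY => state[SESSION_ID_KEY],
-SCOPE_KEY => request[SCOPE_KEY]
+SCOPE_KEY => request.params[SCOPE_KEY]
 }
 [callback_state, redirect_uri]
 end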
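Review bot: `extract_callback_state` still parses the client-supplied `state` parameter with `MultiJson.load` and returns `state[CURRENT_URI_KEY]` as `redirect_uri` without checking either value; the switch from `request[...]` to `request.params[...]` does not change that. A `state` value that is valid JSON but not an object would make the `state[...]` lookups fail or misbehave, so a guard such as `state = {} unless state.is_a? Hash` right after the load would make malformed input behave like a missing one. Because `redirect_uri` originates from request data, whatever consumes the return value should redirect to it only after confirming it is a relative path or an expected origin; that caller is outside this hunk. The section is labelled `version.rb` on this page, but the method shown presumably belongs to another file in the list above.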
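--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.8.1
 platform: ruby
 authors:
 - Tim Emiola
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: faraday
@@ -50,20 +50,6 @@ dependencies:
 - - "<"
 - !ruby/object:Gem::Version
 version: '3.0'
-- !ruby/object:Gem::Dependency
-name: memoist
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.16'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.16'
 - !ruby/object:Gem::Dependency
 name: multi_json
 requirement: !ruby/object:Gem::Requirement
@@ -134,17 +120,26 @@ files:
 - SECURITY.md
 - lib/googleauth.rb
 - lib/googleauth/application_default.rb
+- lib/googleauth/base_client.rb
 - lib/googleauth/client_id.rb
 - lib/googleauth/compute_engine.rb
 - lib/googleauth/credentials.rb
 - lib/googleauth/credentials_loader.rb
 - lib/googleauth/default_credentials.rb
+- lib/googleauth/external_account.rb
+- lib/googleauth/external_account/aws_credentials.rb
+- lib/googleauth/external_account/base_credentials.rb
+- lib/googleauth/external_account/external_account_utils.rb
+- lib/googleauth/external_account/identity_pool_credentials.rb
+- lib/googleauth/external_account/pluggable_credentials.rb
+- lib/googleauth/helpers/connection.rb
 - lib/googleauth/iam.rb
 - lib/googleauth/id_tokens.rb
 - lib/googleauth/id_tokens/errors.rb
 - lib/googleauth/id_tokens/key_sources.rb
 - lib/googleauth/id_tokens/verifier.rb
 - lib/googleauth/json_key_reader.rb
+- lib/googleauth/oauth2/sts_client.rb
 - lib/googleauth/scope_util.rb
 - lib/googleauth/service_account.rb
 - lib/googleauth/signet.rb
@@ -177,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Google Auth Library for Ruby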