googleauth 1.3.0 → 1.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +58 -0
- data/README.md +4 -2
- data/lib/googleauth/application_default.rb +5 -5
- data/lib/googleauth/base_client.rb +80 -0
- data/lib/googleauth/client_id.rb +25 -8
- data/lib/googleauth/compute_engine.rb +23 -15
- data/lib/googleauth/credentials.rb +1 -2
- data/lib/googleauth/credentials_loader.rb +5 -13
- data/lib/googleauth/default_credentials.rb +5 -2
- data/lib/googleauth/external_account/aws_credentials.rb +378 -0
- data/lib/googleauth/external_account/base_credentials.rb +158 -0
- data/lib/googleauth/external_account/external_account_utils.rb +103 -0
- data/lib/googleauth/external_account/identity_pool_credentials.rb +118 -0
- data/lib/googleauth/external_account/pluggable_credentials.rb +156 -0
- data/lib/googleauth/external_account.rb +93 -0
- data/lib/googleauth/helpers/connection.rb +35 -0
- data/lib/googleauth/id_tokens.rb +2 -2
- data/lib/googleauth/oauth2/sts_client.rb +109 -0
- data/lib/googleauth/scope_util.rb +35 -2
- data/lib/googleauth/service_account.rb +1 -3
- data/lib/googleauth/signet.rb +3 -39
- data/lib/googleauth/user_authorizer.rb +12 -5
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +4 -4
- metadata +12 -17
data/lib/googleauth/signet.rb
CHANGED
@@ -13,16 +13,18 @@
|
|
13
13
|
# limitations under the License.
|
14
14
|
|
15
15
|
require "signet/oauth_2/client"
|
16
|
+
require "googleauth/base_client"
|
16
17
|
|
17
18
|
module Signet
|
18
19
|
# OAuth2 supports OAuth2 authentication.
|
19
20
|
module OAuth2
|
20
|
-
AUTH_METADATA_KEY = :authorization
|
21
21
|
# Signet::OAuth2::Client creates an OAuth2 client
|
22
22
|
#
|
23
23
|
# This reopens Client to add #apply and #apply! methods which update a
|
24
24
|
# hash with the fetched authentication token.
|
25
25
|
class Client
|
26
|
+
include Google::Auth::BaseClient
|
27
|
+
|
26
28
|
def configure_connection options
|
27
29
|
@connection_info =
|
28
30
|
options[:connection_builder] || options[:default_connection]
|
@@ -34,37 +36,6 @@ module Signet
|
|
34
36
|
target_audience ? :id_token : :access_token
|
35
37
|
end
|
36
38
|
|
37
|
-
# Whether the id_token or access_token is missing or about to expire.
|
38
|
-
def needs_access_token?
|
39
|
-
send(token_type).nil? || expires_within?(60)
|
40
|
-
end
|
41
|
-
|
42
|
-
# Updates a_hash updated with the authentication token
|
43
|
-
def apply! a_hash, opts = {}
|
44
|
-
# fetch the access token there is currently not one, or if the client
|
45
|
-
# has expired
|
46
|
-
fetch_access_token! opts if needs_access_token?
|
47
|
-
a_hash[AUTH_METADATA_KEY] = "Bearer #{send token_type}"
|
48
|
-
end
|
49
|
-
|
50
|
-
# Returns a clone of a_hash updated with the authentication token
|
51
|
-
def apply a_hash, opts = {}
|
52
|
-
a_copy = a_hash.clone
|
53
|
-
apply! a_copy, opts
|
54
|
-
a_copy
|
55
|
-
end
|
56
|
-
|
57
|
-
# Returns a reference to the #apply method, suitable for passing as
|
58
|
-
# a closure
|
59
|
-
def updater_proc
|
60
|
-
proc { |a_hash, opts = {}| apply a_hash, opts }
|
61
|
-
end
|
62
|
-
|
63
|
-
def on_refresh &block
|
64
|
-
@refresh_listeners = [] unless defined? @refresh_listeners
|
65
|
-
@refresh_listeners << block
|
66
|
-
end
|
67
|
-
|
68
39
|
alias orig_fetch_access_token! fetch_access_token!
|
69
40
|
def fetch_access_token! options = {}
|
70
41
|
unless options[:connection]
|
@@ -78,13 +49,6 @@ module Signet
|
|
78
49
|
info
|
79
50
|
end
|
80
51
|
|
81
|
-
def notify_refresh_listeners
|
82
|
-
listeners = defined?(@refresh_listeners) ? @refresh_listeners : []
|
83
|
-
listeners.each do |block|
|
84
|
-
block.call self
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
52
|
def build_default_connection
|
89
53
|
if !defined?(@connection_info)
|
90
54
|
nil
|
@@ -80,6 +80,8 @@ module Google
|
|
80
80
|
# @param [String, Array<String>] scope
|
81
81
|
# Authorization scope to request. Overrides the instance scopes if not
|
82
82
|
# nil.
|
83
|
+
# @param [Hash] additional_parameters
|
84
|
+
# Additional query parameters to be added to the authorization URL.
|
83
85
|
# @return [String]
|
84
86
|
# Authorization url
|
85
87
|
def get_authorization_url options = {}
|
@@ -87,7 +89,8 @@ module Google
|
|
87
89
|
credentials = UserRefreshCredentials.new(
|
88
90
|
client_id: @client_id.id,
|
89
91
|
client_secret: @client_id.secret,
|
90
|
-
scope: scope
|
92
|
+
scope: scope,
|
93
|
+
additional_parameters: options[:additional_parameters]
|
91
94
|
)
|
92
95
|
redirect_uri = redirect_uri_for options[:base_url]
|
93
96
|
url = credentials.authorization_uri(access_type: "offline",
|
@@ -144,6 +147,9 @@ module Google
|
|
144
147
|
# Absolute URL to resolve the configured callback uri against.
|
145
148
|
# Required if the configured
|
146
149
|
# callback uri is a relative.
|
150
|
+
# @param [Hash] additional_parameters
|
151
|
+
# Additional parameters to be added to the post body of token
|
152
|
+
# endpoint request.
|
147
153
|
# @return [Google::Auth::UserRefreshCredentials]
|
148
154
|
# Credentials if exchange is successful
|
149
155
|
def get_credentials_from_code options = {}
|
@@ -152,10 +158,11 @@ module Google
|
|
152
158
|
scope = options[:scope] || @scope
|
153
159
|
base_url = options[:base_url]
|
154
160
|
credentials = UserRefreshCredentials.new(
|
155
|
-
client_id:
|
156
|
-
client_secret:
|
157
|
-
redirect_uri:
|
158
|
-
scope:
|
161
|
+
client_id: @client_id.id,
|
162
|
+
client_secret: @client_id.secret,
|
163
|
+
redirect_uri: redirect_uri_for(base_url),
|
164
|
+
scope: scope,
|
165
|
+
additional_parameters: options[:additional_parameters]
|
159
166
|
)
|
160
167
|
credentials.code = code
|
161
168
|
credentials.fetch_access_token!({})
|
data/lib/googleauth/version.rb
CHANGED
@@ -192,13 +192,13 @@ module Google
|
|
192
192
|
end
|
193
193
|
|
194
194
|
def self.extract_callback_state request
|
195
|
-
state = MultiJson.load(request[STATE_PARAM] || "{}")
|
195
|
+
state = MultiJson.load(request.params[STATE_PARAM] || "{}")
|
196
196
|
redirect_uri = state[CURRENT_URI_KEY]
|
197
197
|
callback_state = {
|
198
|
-
AUTH_CODE_KEY => request[AUTH_CODE_KEY],
|
199
|
-
ERROR_CODE_KEY => request[ERROR_CODE_KEY],
|
198
|
+
AUTH_CODE_KEY => request.params[AUTH_CODE_KEY],
|
199
|
+
ERROR_CODE_KEY => request.params[ERROR_CODE_KEY],
|
200
200
|
SESSION_ID_KEY => state[SESSION_ID_KEY],
|
201
|
-
SCOPE_KEY => request[SCOPE_KEY]
|
201
|
+
SCOPE_KEY => request.params[SCOPE_KEY]
|
202
202
|
}
|
203
203
|
[callback_state, redirect_uri]
|
204
204
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: googleauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.8.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tim Emiola
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-09-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -50,20 +50,6 @@ dependencies:
|
|
50
50
|
- - "<"
|
51
51
|
- !ruby/object:Gem::Version
|
52
52
|
version: '3.0'
|
53
|
-
- !ruby/object:Gem::Dependency
|
54
|
-
name: memoist
|
55
|
-
requirement: !ruby/object:Gem::Requirement
|
56
|
-
requirements:
|
57
|
-
- - "~>"
|
58
|
-
- !ruby/object:Gem::Version
|
59
|
-
version: '0.16'
|
60
|
-
type: :runtime
|
61
|
-
prerelease: false
|
62
|
-
version_requirements: !ruby/object:Gem::Requirement
|
63
|
-
requirements:
|
64
|
-
- - "~>"
|
65
|
-
- !ruby/object:Gem::Version
|
66
|
-
version: '0.16'
|
67
53
|
- !ruby/object:Gem::Dependency
|
68
54
|
name: multi_json
|
69
55
|
requirement: !ruby/object:Gem::Requirement
|
@@ -134,17 +120,26 @@ files:
|
|
134
120
|
- SECURITY.md
|
135
121
|
- lib/googleauth.rb
|
136
122
|
- lib/googleauth/application_default.rb
|
123
|
+
- lib/googleauth/base_client.rb
|
137
124
|
- lib/googleauth/client_id.rb
|
138
125
|
- lib/googleauth/compute_engine.rb
|
139
126
|
- lib/googleauth/credentials.rb
|
140
127
|
- lib/googleauth/credentials_loader.rb
|
141
128
|
- lib/googleauth/default_credentials.rb
|
129
|
+
- lib/googleauth/external_account.rb
|
130
|
+
- lib/googleauth/external_account/aws_credentials.rb
|
131
|
+
- lib/googleauth/external_account/base_credentials.rb
|
132
|
+
- lib/googleauth/external_account/external_account_utils.rb
|
133
|
+
- lib/googleauth/external_account/identity_pool_credentials.rb
|
134
|
+
- lib/googleauth/external_account/pluggable_credentials.rb
|
135
|
+
- lib/googleauth/helpers/connection.rb
|
142
136
|
- lib/googleauth/iam.rb
|
143
137
|
- lib/googleauth/id_tokens.rb
|
144
138
|
- lib/googleauth/id_tokens/errors.rb
|
145
139
|
- lib/googleauth/id_tokens/key_sources.rb
|
146
140
|
- lib/googleauth/id_tokens/verifier.rb
|
147
141
|
- lib/googleauth/json_key_reader.rb
|
142
|
+
- lib/googleauth/oauth2/sts_client.rb
|
148
143
|
- lib/googleauth/scope_util.rb
|
149
144
|
- lib/googleauth/service_account.rb
|
150
145
|
- lib/googleauth/signet.rb
|
@@ -177,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
177
172
|
- !ruby/object:Gem::Version
|
178
173
|
version: '0'
|
179
174
|
requirements: []
|
180
|
-
rubygems_version: 3.
|
175
|
+
rubygems_version: 3.4.19
|
181
176
|
signing_key:
|
182
177
|
specification_version: 4
|
183
178
|
summary: Google Auth Library for Ruby
|