googleauth 1.7.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5437d56e0c86ce235d37a202af1a28219a9caeb0bc0f8abac5540cc1d73edf28
-  data.tar.gz: f56369065e2abc56fb51abccc5003264f8c9ef3e745c202e06e5cb4c6b083d84
+  metadata.gz: 888e57705b33e87158d060b7b1569e54e00000428de35f979e7ffc9456cbb7b3
+  data.tar.gz: ac341b6c481df125091c1465b56642173591f5698baff6f4806b05216eca8802
 SHA512:
-  metadata.gz: f350fb9178517f4782c1dcf08804f5b0ec6bb12ed6dd460ff9c7a875b5929146bf357d797a52cb976878ef25ca8e3439d90b41dfb0e44fbf0b1cfcdf1109ec85
-  data.tar.gz: 5a1811530c2a2f5321937bdc90f157f7b55cf0b4c77c7c8f98e87474cfd22b06154987279003cefcb3f8cb400f690364078f9dd0302286f6cbd6d94afde826b3
+  metadata.gz: 0e9d2fd50c39bf83e86f9f31bbddb897d28ce908be1214849926c45ce7ad2fa0d8f48d70a01acc84c9fa49ddf1a3a3c0c5a87b9bdf1d3ae1b9430b739e709c67
+  data.tar.gz: f92483b4971ecc9d48a0b3656a76c694974c6b60153d6ea5ff0f1dd6c544da51b924aedbfa71956db2c1dada98a6cdaa632bb6f38c663e384acc8ebb3af8d1d2

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Release History
 
+### 1.8.0 (2023-09-07)
+
+#### Features
+
+* Pass additional parameters to auhtorization url ([#447](https://github.com/googleapis/google-auth-library-ruby/issues/447)) 
+#### Documentation
+
+* improve ADC related error and warning messages ([#449](https://github.com/googleapis/google-auth-library-ruby/issues/449)) 
+
 ### 1.7.0 (2023-07-14)
 
 #### Features

data/README.md

@@ -243,6 +243,6 @@ hesitate to
 [ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-ruby)
 about the client or APIs on [StackOverflow](http://stackoverflow.com).
 
-[application default credentials]: https://developers.google.com/accounts/docs/application-default-credentials
+[application default credentials]: https://cloud.google.com/docs/authentication/provide-credentials-adc
 [contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/main/.github/CONTRIBUTING.md
 [license]: https://github.com/googleapis/google-auth-library-ruby/tree/main/LICENSE

data/lib/googleauth/application_default.rb

@@ -21,7 +21,7 @@ module Google
   module Auth
     NOT_FOUND_ERROR = <<~ERROR_MESSAGE.freeze
       Could not load the default credentials. Browse to
-      https://developers.google.com/accounts/docs/application-default-credentials
+      https://cloud.google.com/docs/authentication/provide-credentials-adc
       for more information
     ERROR_MESSAGE
 
@@ -57,7 +57,7 @@ module Google
       return creds unless creds.nil?
       unless GCECredentials.on_gce? options
         # Clear cache of the result of GCECredentials.on_gce?
-        GCECredentials.unmemoize_all
+        GCECredentials.reset_cache
         raise NOT_FOUND_ERROR
       end
       GCECredentials.new options.merge(scope: scope)

data/lib/googleauth/client_id.rb

@@ -17,37 +17,52 @@ require "googleauth/credentials_loader"
 
 module Google
   module Auth
-    # Representation of an application's identity for user authorization
-    # flows.
+    ##
+    # Representation of an application's identity for user authorization flows.
+    #
     class ClientId
+      # Toplevel JSON key for the an installed app configuration.
+      # Must include client_id and client_secret subkeys if present.
       INSTALLED_APP = "installed".freeze
+      # Toplevel JSON key for the a webapp configuration.
+      # Must include client_id and client_secret subkeys if present.
       WEB_APP = "web".freeze
+      # JSON key for the client ID within an app configuration.
       CLIENT_ID = "client_id".freeze
+      # JSON key for the client secret within an app configuration.
       CLIENT_SECRET = "client_secret".freeze
+      # An error message raised when none of the expected toplevel properties
+      # can be found.
       MISSING_TOP_LEVEL_ELEMENT_ERROR =
         "Expected top level property 'installed' or 'web' to be present.".freeze
 
+      ##
       # Text identifier of the client ID
       # @return [String]
+      #
       attr_reader :id
 
+      ##
       # Secret associated with the client ID
       # @return [String]
+      #
       attr_reader :secret
 
       class << self
         attr_accessor :default
       end
 
-      # Initialize the Client ID
+      ##
+      # Initialize the Client ID. Both id and secret must be non-nil.
       #
       # @param [String] id
       #  Text identifier of the client ID
       # @param [String] secret
       #  Secret associated with the client ID
-      # @note Direction instantion is discouraged to avoid embedding IDs
-      #       & secrets in source. See {#from_file} to load from
+      # @note Direct instantiation is discouraged to avoid embedding IDs
+      #       and secrets in source. See {#from_file} to load from
       #       `client_secrets.json` files.
+      #
       def initialize id, secret
         CredentialsLoader.warn_if_cloud_sdk_credentials id
         raise "Client id can not be nil" if id.nil?
@@ -56,12 +71,14 @@ module Google
         @secret = secret
       end
 
+      ##
       # Constructs a Client ID from a JSON file downloaded from the
       # Google Developers Console.
       #
       # @param [String, File] file
       #  Path of file to read from
       # @return [Google::Auth::ClientID]
+      #
       def self.from_file file
         raise "File can not be nil." if file.nil?
         File.open file.to_s do |f|
@@ -71,13 +88,14 @@ module Google
         end
       end
 
+      ##
       # Constructs a Client ID from a previously loaded JSON file. The hash
-      # structure should
-      # match the expected JSON format.
+      # structure should match the expected JSON format.
       #
       # @param [hash] config
       #  Parsed contents of the JSON file
       # @return [Google::Auth::ClientID]
+      #
       def self.from_hash config
         raise "Hash can not be nil." if config.nil?
         raw_detail = config[INSTALLED_APP] || config[WEB_APP]

data/lib/googleauth/compute_engine.rb

@@ -14,7 +14,6 @@
 
 require "faraday"
 require "googleauth/signet"
-require "memoist"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
@@ -47,9 +46,9 @@ module Google
       # @private Unused and deprecated
       COMPUTE_CHECK_URI = "http://169.254.169.254".freeze
 
-      class << self
-        extend Memoist
+      @on_gce_cache = {}
 
+      class << self
         def metadata_host
           ENV.fetch "GCE_METADATA_HOST", DEFAULT_METADATA_HOST
         end
@@ -68,21 +67,30 @@ module Google
 
         # Detect if this appear to be a GCE instance, by checking if metadata
         # is available.
-        def on_gce? options = {}
-          # TODO: This should use google-cloud-env instead.
-          c = options[:connection] || Faraday.default_connection
-          headers = { "Metadata-Flavor" => "Google" }
-          resp = c.get compute_check_uri, nil, headers do |req|
-            req.options.timeout = 1.0
-            req.options.open_timeout = 0.1
+        def on_gce? options = {}, reload = false # rubocop:disable Style/OptionalBooleanParameter
+          # We can follow OptionalBooleanParameter here because it's a public interface, we can't change it.
+          @on_gce_cache.delete options if reload
+          @on_gce_cache.fetch options do
+            @on_gce_cache[options] = begin
+              # TODO: This should use google-cloud-env instead.
+              c = options[:connection] || Faraday.default_connection
+              headers = { "Metadata-Flavor" => "Google" }
+              resp = c.get compute_check_uri, nil, headers do |req|
+                req.options.timeout = 1.0
+                req.options.open_timeout = 0.1
+              end
+              return false unless resp.status == 200
+              resp.headers["Metadata-Flavor"] == "Google"
+            rescue Faraday::TimeoutError, Faraday::ConnectionFailed
+              false
+            end
           end
-          return false unless resp.status == 200
-          resp.headers["Metadata-Flavor"] == "Google"
-        rescue Faraday::TimeoutError, Faraday::ConnectionFailed
-          false
         end
 
-        memoize :on_gce?
+        def reset_cache
+          @on_gce_cache.clear
+        end
+        alias unmemoize_all reset_cache
       end
 
       # Overrides the super class method to change how access tokens are

data/lib/googleauth/credentials_loader.rb

@@ -50,10 +50,11 @@ module Google
                             "s.googleusercontent.com".freeze
 
       CLOUD_SDK_CREDENTIALS_WARNING =
-        "Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most " \
-        "server applications use service accounts instead. If your application continues to use end user credentials " \
-        'from Cloud SDK, you might receive a "quota exceeded" or "API not enabled" error. For more information about ' \
-        "service accounts, see https://cloud.google.com/docs/authentication/. To suppress this message, set the " \
+        "You are authenticating using user credentials." \
+        "For production, we recommend using service account credentials." \
+        "To learn more about service account credentials, see" \
+        "http://cloud.google.com/docs/authentication/external/set-up-adc-on-cloud " \
+        "To suppress this message, set the " \
         "GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS environment variable.".freeze
 
       # make_creds proxies the construction of a credentials instance

data/lib/googleauth/scope_util.rb

@@ -18,27 +18,60 @@ require "multi_json"
 
 module Google
   module Auth
-    # Small utility for normalizing scopes into canonical form
+    ##
+    # Small utility for normalizing scopes into canonical form.
+    #
+    # The canonical form of scopes is as an array of strings, each in the form
+    # of a full URL. This utility converts space-delimited scope strings into
+    # this form, and handles a small number of common aliases.
+    #
+    # This is used by UserRefreshCredentials to verify that a credential grants
+    # a requested scope.
+    #
     module ScopeUtil
+      ##
+      # Aliases understood by this utility
+      #
       ALIASES = {
         "email"   => "https://www.googleapis.com/auth/userinfo.email",
         "profile" => "https://www.googleapis.com/auth/userinfo.profile",
         "openid"  => "https://www.googleapis.com/auth/plus.me"
       }.freeze
 
+      ##
+      # Normalize the input, which may be an array of scopes or a whitespace-
+      # delimited scope string. The output is always an array, even if a single
+      # scope is input.
+      #
+      # @param scope [String,Array<String>] Input scope(s)
+      # @return [Array<String>] An array of scopes in canonical form.
+      #
       def self.normalize scope
         list = as_array scope
         list.map { |item| ALIASES[item] || item }
       end
 
+      ##
+      # Ensure the input is an array. If a single string is passed in, splits
+      # it via whitespace. Does not interpret aliases.
+      #
+      # @param scope [String,Array<String>] Input scope(s)
+      # @return [Array<String>] Always an array of strings
+      # @raise ArgumentError If the input is not a string or array of strings
+      #
       def self.as_array scope
         case scope
         when Array
+          scope.each do |item|
+            unless item.is_a? String
+              raise ArgumentError, "Invalid scope value: #{item.inspect}. Must be string or array"
+            end
+          end
           scope
         when String
           scope.split
         else
-          raise "Invalid scope value. Must be string or array"
+          raise ArgumentError, "Invalid scope value: #{scope.inspect}. Must be string or array"
         end
       end
     end

data/lib/googleauth/user_authorizer.rb

@@ -80,6 +80,8 @@ module Google
       # @param [String, Array<String>] scope
       #  Authorization scope to request. Overrides the instance scopes if not
       #  nil.
+      # @param [Hash] additional_parameters
+      #  Additional query parameters to be added to the authorization URL.
       # @return [String]
       #  Authorization url
       def get_authorization_url options = {}
@@ -87,7 +89,8 @@ module Google
         credentials = UserRefreshCredentials.new(
           client_id:     @client_id.id,
           client_secret: @client_id.secret,
-          scope:         scope
+          scope:         scope,
+          additional_parameters: options[:additional_parameters]
         )
         redirect_uri = redirect_uri_for options[:base_url]
         url = credentials.authorization_uri(access_type:            "offline",
@@ -144,6 +147,9 @@ module Google
       #  Absolute URL to resolve the configured callback uri against.
       #  Required if the configured
       #  callback uri is a relative.
+      # @param [Hash] additional_parameters
+      #  Additional parameters to be added to the post body of token
+      #  endpoint request.
       # @return [Google::Auth::UserRefreshCredentials]
       #  Credentials if exchange is successful
       def get_credentials_from_code options = {}
@@ -152,10 +158,11 @@ module Google
         scope = options[:scope] || @scope
         base_url = options[:base_url]
         credentials = UserRefreshCredentials.new(
-          client_id:     @client_id.id,
-          client_secret: @client_id.secret,
-          redirect_uri:  redirect_uri_for(base_url),
-          scope:         scope
+          client_id:             @client_id.id,
+          client_secret:         @client_id.secret,
+          redirect_uri:          redirect_uri_for(base_url),
+          scope:                 scope,
+          additional_parameters: options[:additional_parameters]
         )
         credentials.code = code
         credentials.fetch_access_token!({})

data/lib/googleauth/version.rb

@@ -16,6 +16,6 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    VERSION = "1.7.0".freeze
+    VERSION = "1.8.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Tim Emiola
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-07-18 00:00:00.000000000 Z
+date: 2023-09-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -50,20 +50,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: memoist
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -186,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.2
+rubygems_version: 3.4.19
 signing_key: 
 specification_version: 4
 summary: Google Auth Library for Ruby