google-cloud-rs icon indicating copy to clipboard operation
google-cloud-rs copied to clipboard

Published 20 hours ago verified publisher icon google-apis-rs

Authorize with google cloud sdk application default credentials

Open Marlin-Na opened this issue 3 years ago • 3 comments

Hey I am glad seeing this rust binding of google cloud apis.

The python client and others implement several ways to authorize it. https://github.com/googleapis/google-auth-library-python/blob/9e1082366d113286bc063051fd76b4799791d943/google/auth/_default.py#L346-L435

  1. via GOOGLE_APPLICATION_CREDENTIALS environment variable.
  2. via google cloud sdk, i.e. gcloud auth application-default login
  3. via App Engine/ Compute Engine running environment

I am particular interested in the second way for authorization. It essentially involves checking ~/.config/gcloud/application_default_credentials.json file to get client_secret and refresh_token. For example:

> cat ~/.config/gcloud/application_default_credentials.json 
{
  "client_id": "xxx",
  "client_secret": "xxx",
  "refresh_token": "xxx",
  "type": "authorized_user"
}

It would be great if this library can implement this kind of authorization. Issue #15 is probably related.

Marlin-Na avatar Apr 26 '21 07:04 Marlin-Na

Hey,

I am looking for something similar.

I have an application running as a Docker container on Google Cloud Run. I want to interact with Datastore, but I can't seem to obtain the service account.

As others have suggested, it might be worth rewriting the client creation to follow Google's default credential flow and avoid duplication.

I don't mind trying to write a PR. It shouldn't be too hard as the logic already exist in all the official libraries. I should have something in a week or two.

Would anyone have any advice before I start?

plippe avatar Apr 27 '21 20:04 plippe

There doesn't seem to be much interest for my PR. Therefore, I won't waste any time on it.

plippe avatar May 05 '21 10:05 plippe

@Hirevo is this library still being supported? Do you need help? I would also very much like this logic as for now I am having to polyfill it myself. And while I do not mind putting in the work (as I will be forced to anyway), it does seem like a waste of time that all of us need to implement this ourselves.

As such, can the PR of @plippe be looked at please? If not, can you tell us why, so that he, I or someone else can take a second look at it, either by picking up the PR, or going for a by you approved different approach.

Either way, as it stands now, the library is auth-wise very much under-supported, which is a shame, as all the rest does seem to be pretty neat as-is. For which, a big thanks!

GlenDC avatar Aug 23 '21 08:08 GlenDC