gapic-generator-java

gax: investigate GoogleCredentialsProvider JWT with scopes with service account workflows

Open zhumin8 opened this issue 1 year ago • 0 comments

In GoogleCredentialsProvider, getCredentials() has 2 JWT with scopes with service account workflows:

  • One with ServiceAccountJwtAccessCredentials, which was added in https://github.com/googleapis/gax-java/pull/504. This one predates when ServiceAccountCredentials in auth supported JWT (part 1 and part 2).
  • Another one with service account here added in https://github.com/googleapis/gax-java/pull/1420, adopting https://google.aip.dev/auth/4111.

These 2 workflows look suspicious to me. Are there reasons why both are needed?

Separately, our guidance is to use ServiceAccountCredentials with SSJWT whenever possible (see related issue). Thus, if both are to be kept, the first one can be updated to use ServiceAccountCredentials.

zhumin8, Aug 20 '24 19:08